Security Specialist - Infrastructure Security

• Work experience - 5+ Years
• Proactively lead and support incident response team during an incident.
• Experience in advance investigation, triaging, analysis and escalation of security incidents with recommendations
• Hands-on basic experience with configurations and management of SIEM tools(Qradar) including log source integrations, custom parser built, fine tuning and optimizing the correlation rules and use cases recommendations Is MUST.
• Proven Experience on any of the Security information and event management (SIEM) tools using Qradar
• Data-driven threat hunting using SIEM, EDR and XDR tools
• Basic Experience is SOAR tools such as Qradar Resilient, PaloAlto XSOAR
• Identify quick defence techniques till permanent resolution.
• Recognize successful intrusions and compromises through review and analysis of relevant event detail information.
• Review incidents escalated by Level 1 analysts.
• Launch and track investigations to resolution. Recognize attacks based on their signatures, differentiates false positives from true intrusion attempts.
• Actively investigates the latest in security vulnerabilities, advisories, incidents, and penetration techniques and notifies end users when appropriate.
• Identify the gaps in security environment & suggest the gap closure
• Drive & Support Change Management
• Performs and reviews tasks as identified in a daily task list.
• Report Generation and Trend Analysis. Participate in the Weekly and Monthly governance calls to support the SOC metrics reporting
• Good to have hands on experience with managing SIEM solutions on public/private clouds like Amazon AWS, Microsoft Azure, etc.
• Willing to work in 24x7 rotational shift model including night shift.

• Identify & investigate the security incidents
• Identify the security gaps and drive for closure through Change Mgmt
• Monitor the security logs /alerts from various devices and escalate/investigate the incident
• To explore different security technologies available in the market
• Install Build, Test, and Configure SIEM related systems
• Maintain security dashboards
• Coordination with internal customers for their security related problems and providing solutions.
• Create and manage the SOPs, runbooks and Asset inventory with risk classification
• Handle L2 and above level technical escalations from L1 Operations team and resolve within SLA.
• Work closely with L1 team members to provide quick support & escalation.
• Train other analysts in their role and responsibilities

• You’ll have access to all the technical and management training courses you need to become the expert you want to be.
• Our team leads love to mentor in case of technical difficulty.
• You have the opportunity to work in many different areas to figure out what really excites you

• Hands-on experience required in Qradar SIEM and SOAR.
• Desired experience in Threat hunting, Threat intelligence.
• Worked on tools belongs to Qradar, UEBA, UAX.
• Must have desire to learn or cross skill with new technologies.
• Must be able to work in morning, evening, and night shifts (24*7) - Mandatory.
• Bachelor’s degree in engineering/information security, or a related field.
• Relevant certifications such as CEH, CISSP, CISM, CompTIA CASP+, or equivalent.
• Proven experience to work in a SOC environment.
• Deep technical knowledge of security technologies and advanced threat landscapes.
• Proven experience in managing and responding to complex security incidents.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration abilities.
• Ability to work in a fast-paced, dynamic environment.

• None

IBM