Mindtel Global Private Limited

SIEM Administrator (Job No 997)

For GBM, a leading end-to-end digital solutions provider.

5 - 10 Years

Full Time

Immediate

Up to 40 LPA

1 Position(s)

Dubai

No longer accepting applications.

Job Description

  • Deploy, configure, maintain, and troubleshoot Splunk and QRadar instances.
  • Manage log ingestion from diverse sources: firewalls, EDR, NDR, applications, cloud, and endpoint systems.
  • Develop and maintain log parsing rules, custom parsers (QRadar DSMs), and field extractions (Splunk).
  • Ensure log integrity, completeness, normalization, and compliance with retention policies.
  • Monitor SIEM performance, storage, EPS (Events per Second), and health metrics.
  • Tune correlation rules, alerts, and saved searches to reduce false positives.
  • Maintain data lifecycle management—cold/hot/warm storage (Splunk) and retention buckets (QRadar).
  • Work with SOC analysts and threat hunters to implement and test detection use cases.
  • Enable custom dashboards and visualizations to support proactive threat detection.
  • Support integration with SOAR platforms and ticketing tools (e.g., FortiSOAR, Remedy).
  • Manage version upgrades and patching of Splunk/QRadar platforms and supporting components.
  • Perform regular system backups and contribute to disaster recovery (DR) planning and testing.
  • Maintain architecture diagrams, deployment documentation, and configuration baselines.
  • Assist in generating compliance and audit reports (e.g., DESC, ISO 27001, NESA).


Requirements:

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 3–5 years of experience as a SIEM Administrator or SIEM Engineer.
  • Proven hands-on experience with both Splunk and QRadar in enterprise or SOC environments.
  • Strong knowledge of syslog, regex, JSON/XML, APIs, and log formats.
  • Familiarity with Splunk components (Indexer, Search Head, Heavy Forwarder, UF, ES) and QRadar components (Console, Event Collector, Event Processor).
  • Experience with Windows/Linux systems, scripting (Python, Bash, PowerShell), and networking fundamentals.
  • Understanding of MITRE ATT&CK, threat detection principles, and cyber kill chain.
  • Splunk Certified Admin / Architect
  • IBM QRadar Certified Deployment Professional
  • CompTIA Security+, GSEC, or other relevant certs
