IBM provides unmatched global coverage and security awareness, with thousands of experts who provide security services every day for clients. IBM has 10 security research centres, 10 security operations centres and 14 security development laboratories worldwide. We also have more than 1,000 security patents. Additionally, we manage tens of thousands of security devices for thousands of clients worldwide. Our systems monitor 15 billion network events for our clients each day across 133 countries.
The managed SIEM team is responsible for the installation, configuration, management and ongoing tuning of SIEM platforms, predominantly IBM's QRadar platform, across multiple IBM client environments.
As a SIEM engineer you will be responsible for all technical aspects of administering SIEM systems for our clients, including all associated software support and first-touch hardware support on SIEM appliances. You will not be required to monitor or respond to the security or reporting output of the SIEM systems, as this is managed by a separate 24 x 7 SIEM analyst team. You will work with internal teams and directly with IBM customers to provide continual correlation rule tuning and incident classification and prioritization recommendations, then create, modify and tune the system to the required specifications. This will include reporting and compliance requirements.
To be successful in this role you need excellent problem-solving skills, excellent written and oral communication skills, good attention to detail and a solid foundation of IT skills, plus experience with at least one of the major vendor SIEM products listed in Gartner's SIEM leaders magic quadrant. We will give strong preference to candidates with IBM QRadar experience; preference will also be given to candidates with Splunk experience. Finally, a strong background in UNIX/Linux administration will also be given preference.
Required Technical and Professional Expertise
- 2 years working experience with a major vendor SIEM product either as a SOC Analyst or as a SIEM Admin.
- 3 years working in an IT security role of any kind.
- Solid foundation in networking (TCP/IP and OSI layers, network routing & switching protocols).
- At least 3 years support experience with at least 2 of the following:
  - Intrusion Detection/Prevention
  - Operating Systems, LINUX, UNIX, Microsoft etc.
  - Direct Customer Service
Preferred Tech and Prof Experience
- At least 2 years SIEM administration experience in an enterprise environment.
- Strong IBM QRadar and / or Splunk skills.
- Strong understanding of security postures/policies.
- Strong knowledge of Security terminologies.
- Experience automating tasks using commonly used scripting languages for UNIX/Linux platforms.
- Strong IT configuration and policy management experience on any platform.
- Able to create high quality Security Analysis reports pertaining to event data.
- High degree of analytical ability and creativity.
- Demonstrated ability to work under pressure.
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.