SOC Admin Qradar

Job Description

SIEM Admin -

Exp Range : 3 -5 yrs

Roles & Responsibilities:

1. Develop and implement new correlation rules, detection
logic, and alerts based on client -specific security requirements and emerging
threat intelligence.

2. Continuously fine -tune existing rules to reduce false
positives, improve detection accuracy, and align with evolving business and
compliance needs.

3. Configure and maintain SIEM data ingestion pipelines,
ensuring accurate parsing and normalization of logs from diverse sources.

4. Manage and update device configurations, data source
settings, and field mappings to ensure consistent and reliable log ingestion.

5. Perform daily, weekly, and monthly health checks of the
SIEM infrastructure, including log ingestion status, storage utilization, and
system performance.

6. Create and maintain Standard Operating Procedures (SOPs)
for SIEM administration, ensuring operational consistency and faster issue
resolution.

7. Apply software patches, updates, and version upgrades for
QRadar and Microsoft Sentinel in accordance with vendor guidelines and change
management policies.

8. Conduct periodic configuration reviews and cleanup to
maintain system efficiency and performance.

9. Design, develop, and deploy custom parsers to handle
non -standard or proprietary log formats.

10. Test and validate custom parsers to ensure proper field
extraction, normalization, and mapping for accurate analysis.

11. Work closely with SOC analysts, threat hunters, and
incident response teams to enhance detection capabilities.