6 Event Correlation Jobs


3.0 - 7.0 years

2 - 6 Lacs

Pune

Work from Office


About the Role

We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, deployment, implementation and maintaining the security posture of the organization.

Key Responsibilities

SIEM Administration:
- Install, configure, maintain, and upgrade SIEM components (IBM QRadar SIEM, DNIF, Splunk & Securonix).

Log Management:
- Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.).
- Custom log source integration and parser development.

System Monitoring & Troubleshooting:
- Ensure SIEM tools are functioning optimally.
- Monitor SIEM tools and perform regular health checks.
- Troubleshoot system errors and resolve performance issues.
- Conduct regular performance tuning and capacity planning.
- Perform root cause analysis for system failures & performance issues.
- Optimize system performance and storage management for SIEM.

Integration & Automation:
- Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM.

Compliance & Audits:
- Ensure log retention policies comply with regulatory standards.
- Develop & enforce SIEM access controls & user roles/permissions.

Documentation & Training:
- Document system configurations, SOPs & troubleshooting documents.
- Prepare monthly/weekly reports and PPTs, and onboarding documentation as per business/client requirements.

Dashboard & Report Development:
- Create & maintain custom dashboards & reports.
- Optimize searches & reports for performance and efficiency.

Other Knowledge Base:
- Hands-on experience with Linux OS & Windows OS.
- Basic to intermediate level networking skills.
- Should be familiar with Azure, AWS or GCP products.

Required Skills & Qualifications:
- B.E/B.Tech degree in Computer Science, Cybersecurity, or related field (preferred).
- 1-3 years experience as SOC Admin.
- Strong knowledge of SIEM architecture, log sources, and event correlation.
- Proficiency in log management, regular expressions, and network security concepts.
- Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.).
- Scripting knowledge (Python, Bash, or PowerShell) is a plus.
- Training or certificate on Splunk or IBM QRadar preferred.

Soft Skills:
- Strong analytical and problem-solving skills.
- Excellent communication and documentation abilities.
- Ability to work independently and in a team.

Must Have Skills:
- Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc.
- Proficiency in IBM QRadar & Splunk administration.
- Configuring, maintaining, and troubleshooting SIEM solutions.
- Log source integration, parsing, and normalization.
- Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules.
- Familiarity with Linux and Windows system administration.

Posted 2 weeks ago


5.0 - 10.0 years

5 - 10 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site


IBM Consulting Overview

In this role, you'll work in one of IBM Consulting Client Innovation Centers (Delivery Centers), where deep technical and industry expertise is delivered to a wide range of public and private sector clients globally. These delivery centers offer locally based skills and technical expertise to drive innovation and new technology adoption.

Your Role and Responsibilities

As a Senior SOC Analyst, you will be part of the 24/7 Cyber Fusion Center (CFC), responsible for monitoring, triaging, analyzing, and escalating incidents in a dynamic technology environment. Your role includes:
- Evaluating data collected from cyber operations tools (SIEM, IDS/IPS, firewalls, network traffic logs, cloud platforms, and SOAR solutions).
- Detecting and mitigating threats in both structured and unstructured situations.
- Conducting log, identity, cloud, network, and root cause analysis to improve security posture.

Required Education: Bachelor's Degree
Preferred Education: Master's Degree

Required Technical and Professional Expertise:
- Expertise in email security, system events, network events, and log analysis.
- Strong knowledge of TCP/IP network security, OS security, and modern attack techniques.
- Event analysis experience in AWS and Azure environments.
- Ability to characterize and analyze alerts to assess potential threats.
- Perform event correlation by gathering information from various sources to understand and determine attack patterns.

Preferred Technical and Professional Experience:
- Document and escalate events/incidents with potential impact on environments.
- Provide daily summary reports of cyber operations events and activity.
- Perform cyber operations trend analysis and reporting.
- Conduct high-quality triage and analysis for all alerts.
- Demonstrate effective written and verbal communication skills, engaging in team chats, calls, and in-person discussions.
- Constantly contribute to SOC runbooks/playbooks.
- Recommend improvements to automation, alert fidelity, and security controls.
- Experience with CyberArk, Azure SSO, and enterprise security technologies.

Posted 2 weeks ago


6.0 - 8.0 years

0 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site


Key Responsibilities:

As a Tools SME for SolarWinds, Splunk, Dynatrace and DevOps tooling, you will work on the design, setup and configuration of observability platforms, including correlation, anomaly detection, visualization and dashboards, AIOps, and DevOps tool integration.
- Collaborate with DevOps architects, development teams and operations teams to understand their tool requirements and identify opportunities for optimizing the DevOps toolchain.
- Evaluate and recommend new tools and technologies that can enhance our DevOps capabilities, considering factors like cost, integration and local support.
- Lead the implementation, configuration and integration of various DevOps tools, including CI/CD platforms (e.g. Jenkins, GitLab CI, Azure DevOps), infrastructure as code (IaC) tools (e.g. Terraform, Ansible), containerization and orchestration tools (e.g. Docker, Kubernetes), monitoring and logging tools (e.g. Prometheus, Grafana, ELK stack) and testing frameworks.
- Establish standards and best practices for the usage and management of the DevOps toolset.
- Ensure the availability, performance and stability of the DevOps toolchain.
- Perform regular maintenance tasks, including upgrades, patching and backups of the DevOps tools.
- Provide technical support and troubleshooting assistance to development and operations teams regarding the usage of the DevOps tools.
- Monitor the health and performance of the toolset and implement proactive measures to prevent issues.
- Design and implement integrations between different tools in the DevOps pipeline to create seamless and automated workflows.
- Develop automation scripts and utilities to streamline tool provisioning, configuration and management within the environment.
- Work with development teams to integrate testing and security tools into the CI/CD pipeline.

Technical Requirements:
- At least 6 years of experience in SolarWinds, Splunk, Dynatrace or the DevOps toolset.
- Proven experience with several key DevOps tools, including CI/CD platforms (e.g. Jenkins, GitLab CI, Azure DevOps), IaC tools (e.g. Terraform, Ansible), containerization (Docker, Kubernetes) and monitoring tools (e.g. Prometheus, Grafana, ELK stack).
- Good level of knowledge of the Linux environment.
- Good working knowledge of YAML and Python.
- Good working knowledge of event correlation and observability.
- Good communication skills.
- Good analytical and problem-solving skills.

Additional Responsibilities:

Besides the professional qualifications of candidates, we place great importance on their personality profile. This includes:
- High analytical skills.
- A high degree of initiative and flexibility.
- High customer orientation.
- High quality awareness.
- Excellent verbal and written communication skills.

Preferred Skills:
- Technology->Dynatrace->Digital Performance Management Tool
- Technology->Infra_ToolAdministration-Others->Solarwinds
- Technology->Infra_ToolAdministration-Others->Splunk Admin
- Technology->DevOps->DevOps Architecture Consultancy

Posted 2 weeks ago


0.0 years

0 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site


Introduction

In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.

Your role and responsibilities

The Senior SOC Analyst works within the 24/7 Cyber Fusion Center (CFC). The role is responsible for monitoring, triaging, analyzing and escalating incidents and events in the technology environment. This Senior SOC Analyst will evaluate data collected from a variety of cyber operations tools (e.g., SIEM, IDS/IPS, firewalls, network traffic logs, cloud platforms, and SOAR solutions) to analyze events that occur within the environments for the purposes of detecting and mitigating threats in both structured and unstructured situations. Individuals in this role are proactive and well-versed in log, identity, cloud, network, and root cause analysis.

Required education: Bachelor's Degree
Preferred education: Master's Degree

Required technical and professional expertise:
- The Senior SOC Analyst must have skills in email security, system event, network event and log analysis.
- Knowledge of common IT and security technology concepts, with emphasis on TCP/IP network security, operating system security, and modern attack and exploitation techniques, is important.
- Experience conducting event analysis in AWS and Azure environments.
- Characterize and analyze alerts to understand potential and active threats.
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the nature and characteristics of events that could be an observed attack.

Preferred technical and professional experience:
- Document and escalate events/incidents that may cause adverse impact to the environment.
- Provide daily summary reports of events and activity relevant to cyber operations.
- Perform cyber operations trend analysis and reporting.
- Perform high-quality triage and thorough analysis for all alerts.
- Demonstrate effective communication skills, both written and verbal. Actively engage in team chats, calls, and face-to-face settings.
- Constantly contribute to SOC runbooks/playbooks.
- Recommend improvements to automations, alert fidelity, and security controls.

Preferred Experience:
- Experience/knowledge in CyberArk, Azure SSO.
- Knowledge of enterprise web technologies, security, and cutting-edge infrastructures.

Posted 3 weeks ago


1.0 - 3.0 years

2 - 6 Lacs

Pune

Work from Office


About Gruve

Gruve is an innovative software services startup dedicated to transforming enterprises into AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies, utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.

About the Role

We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, deployment, implementation and maintaining the security posture of the organization.

Key Responsibilities

SIEM Administration:
- Install, configure, maintain, and upgrade SIEM components (IBM QRadar SIEM, DNIF, Splunk & Securonix).

Log Management:
- Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.).
- Custom log source integration and parser development.

System Monitoring & Troubleshooting:
- Ensure SIEM tools are functioning optimally.
- Monitor SIEM tools and perform regular health checks.
- Troubleshoot system errors and resolve performance issues.
- Conduct regular performance tuning and capacity planning.
- Perform root cause analysis for system failures & performance issues.
- Optimize system performance and storage management for SIEM.

Integration & Automation:
- Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM.

Compliance & Audits:
- Ensure log retention policies comply with regulatory standards.
- Develop & enforce SIEM access controls & user roles/permissions.

Documentation & Training:
- Document system configurations, SOPs & troubleshooting documents.
- Prepare monthly/weekly reports and PPTs, and onboarding documentation as per business/client requirements.

Dashboard & Report Development:
- Create & maintain custom dashboards & reports.
- Optimize searches & reports for performance and efficiency.

Other Knowledge Base:
- Hands-on experience with Linux OS & Windows OS.
- Basic to intermediate level networking skills.
- Should be familiar with Azure, AWS or GCP products.

Required Skills & Qualifications:
- B.E/B.Tech degree in Computer Science, Cybersecurity, or related field (preferred).
- 1-3 years experience as SOC Admin.
- Strong knowledge of SIEM architecture, log sources, and event correlation.
- Proficiency in log management, regular expressions, and network security concepts.
- Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.).
- Scripting knowledge (Python, Bash, or PowerShell) is a plus.
- Training or certificate on Splunk or IBM QRadar preferred.

Soft Skills:
- Strong analytical and problem-solving skills.
- Excellent communication and documentation abilities.
- Ability to work independently and in a team.

Must Have Skills:
- Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc.
- Proficiency in IBM QRadar & Splunk administration.
- Configuring, maintaining, and troubleshooting SIEM solutions.
- Log source integration, parsing, and normalization.
- Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules.
- Familiarity with Linux and Windows system administration.

Why Gruve

At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you're passionate about technology and eager to make an impact, we'd love to hear from you.

Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

Posted 1 month ago


5 - 10 years

1 - 5 Lacs

Gurugram

Work from Office


AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.

At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived. We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.

The Event Manager is responsible for managing and optimizing event monitoring processes, focusing on alert tuning and correlation to enhance the efficiency and effectiveness of IT operations. This role plays a key part in ensuring that alerts are actionable, reducing noise, and improving response times. The Event Manager collaborates closely with IT teams, clients, and stakeholders to refine monitoring strategies and ensure alignment with business priorities. The ideal candidate has a strong background in IT event management, monitoring tools, and automation, with a keen focus on continuous improvement to drive operational excellence.

Responsibilities:

Strategic Planning
- Develop and implement strategies for alert tuning and event correlation to monitor new technologies, improve monitoring effectiveness and reduce unnecessary noise.
- Collaborate with clients to understand business requirements and ensure event management aligns with operational goals.
- Continuously evaluate and refine event management processes to improve response times and incident resolution.

Optimization and Analysis
- Analyze client environments and monitoring data to identify patterns, redundancies, and inefficiencies in alerts.
- Optimize alert thresholds, rules, and correlation logic to ensure alerts are actionable and relevant.
- Partner with clients and internal teams to implement best practices for event management and monitoring.
- Leverage automation to improve event correlation and reduce manual intervention.

Collaboration and Communication
- Work closely with IT service delivery teams to ensure proper integration and alignment of event management processes with broader IT operations.
- Act as a liaison between clients, monitoring teams, and leadership to communicate event management improvements and outcomes.
- Provide recommendations and updates to stakeholders on event optimization initiatives and their impact on service delivery.

Operational Excellence
- Oversee the configuration and maintenance of monitoring tools to ensure optimal performance and alignment with client needs.
- Ensure adherence to ITIL principles and other relevant frameworks in event management processes.
- Develop and maintain documentation for event management workflows, alert tuning processes, and correlation strategies.
- Track and report on event management performance metrics, including alert volumes, false positives, and response times.

Training and Enablement
- Provide training and guidance to internal teams and clients on event management best practices, tools, and processes.
- Foster a culture of continuous improvement and learning within the event management function.

Desired Skills and Experience:
- 5+ years of experience in IT operations, event management, or monitoring systems, with a focus on optimizing alerts and event correlation.
- Strong understanding of monitoring tools, with experience in Elastic, LogicMonitor, or ServiceNow preferred.
- Experience with alert tuning, event correlation, and automation to optimize IT operations.
- Familiarity with ITIL and Service Management processes (e.g., incident, problem, change management).
- Strong analytical skills, with the ability to assess data and identify opportunities for improvement.
- Excellent communication and collaboration skills, with the ability to work effectively with clients and cross-functional teams.
- Experience with scripting or automation frameworks (e.g., Python, PowerShell) is a plus.
- Organizational skills, attention to detail, and the ability to manage multiple priorities simultaneously.
- A proactive mindset focused on problem-solving and driving continuous improvement.

Why AHEAD:

Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between. We fuel growth by stocking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross-department training and development, and by sponsoring certifications and credentials for continued learning.

USA Employment Benefits include:
- Medical, Dental, and Vision Insurance
- 401(k)
- Paid company holidays
- Paid time off
- Paid parental and caregiver leave
- Plus more! See https://www.aheadbenefits.com/ for additional details.

The compensation range indicated in this posting reflects the On-Target Earnings (OTE) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate's relevant experience, qualifications, and geographic location.

Posted 1 month ago
