17 IBM QRadar Jobs

0.0 - 4.0 years

2 - 6 Lacs

Madurai, Tiruchirapalli, Coimbatore

Work from Office


SOC Analyst / Security Engineer - Vacancies for FRESHERS (Level-1 / Those who completed the courses or learnt on their own) & EXPERIENCED (Level-1 & Level-2 / Those who have experience in the Cyber Security Domain only) SOC Analyst / Security Engineer who is familiar with or interested in working with Windows, Linux, and cloud environments. Any courses/certifications like CompTIA Security+, GSEC, EC-Council Certified SOC Analyst (CSA), Microsoft SC-200 (Security Operations Analyst Associate), Cisco CyberOps Associate, Splunk Core Certified User / Analyst are preferable. Responsibilities: Capable of understanding the training & nature of the job responsibilities. Monitor and assess alerts generated by security monitoring systems such as SIEMs and EDR platforms. Analyze logs, network activity, and endpoint behavior to detect suspicious or malicious activity. Execute initial incident triage and escalate complex threats to senior teams as needed. Collaborate with internal teams on containment, eradication, and recovery processes. Maintain detailed records of security events and actions taken in internal tracking systems. Continuously fine-tune detection rules and alert thresholds to improve incident accuracy. Stay informed on the latest tactics, techniques, and procedures (TTPs) used by threat actors. Support proactive initiatives like threat hunting and vulnerability assessments. Contribute to red/blue team simulations and post-incident reviews. Help develop and refine operational playbooks and standard response workflows. Capable of rotational shifts (Morning / Forenoon / Evening / Night), as it is a 24x7 organization, and adaptable to the working environment and night shifts. Maintain system security, identify threats and install / configure software. Solid grasp of network protocols, endpoint defenses, and common attack vectors. Familiar with one or more SIEM solutions (e.g., Splunk, Sentinel, QRadar).
Comfortable navigating both Windows and Linux environments. Knowledge of cloud platforms & malware analysis is a plus. Understanding of TCP/IP, DNS, HTTP, and common attack vectors. Understanding of cybersecurity frameworks such as MITRE ATT&CK or NIST. Strong interpersonal and oral/written English communication skills to handle chats & mails if needed. 1 to 3 years of experience in a SOC or technical security role is an added advantage. To be sincere and honest towards the job responsibilities. Perks and Benefits: Other allowances negotiable based on availability & experience. For clarification contact - HR +91 87543 01002 jobs@oryon.in

Posted 3 days ago


5.0 - 10.0 years

6 - 13 Lacs

Lucknow

Work from Office


Managed Services SOC Manager Job Summary: The Security Operations Center (SOC) Security L-2 Analyst serves in a SOC team and is responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone). The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts. An engineer in this position acts as a point of escalation for Level-1 SOC security analysts in support of information security investigations, providing guidance and oversight on incident resolution and containment techniques. Job Description: Responsible for conducting information security investigations as a result of security incidents identified by the Level-1 security analysts who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone). Act as a point of escalation for Level-1 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques. Should have experience in developing new correlation rules and parser writing, and experience in log source integration. Act as the lead coordinator for individual information security incidents. Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Security Operations Center. Document incidents from initial detection through final resolution. Participate in security incident management and vulnerability management processes. Coordinate with IT teams on escalations, tracking, performance issues, and outages.
Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats. Communicate effectively with customers, teammates, and management. Prepare Monthly Executive Summary Reports for managed clients and continuously improve their content and presentation. Provide recommendations on tuning and optimization of security systems, SOC security processes, procedures and policies. Define, create and maintain SIEM correlation rules, customer build documents, security processes and procedures. Follow ITIL practices regarding incident, problem and change management. Stay up to date with emerging security threats, including applicable regulatory security requirements. Maintain an inventory of the procedures used by the SOC and regularly evaluate the SOC procedures and add, remove, and update the procedures as appropriate. Publish weekly reports to applicable teams. Generate monthly reports on SOC activity. Secondary skills like AV, HIPS, DCS, VA/PT desirable. Required Technical Expertise: Must have experience in SIEM management tool (QRadar). Should have certifications like ITIL, CCNA, CEH, VA (Product) Certification, CISM. Process and procedure adherence. General network knowledge and TCP/IP troubleshooting. Ability to trace down an endpoint on the network, based on ticket information. Familiarity with system log information and what it means. Understanding of common network services (web, mail, DNS, authentication). Knowledge of host-based firewalls, Anti-Malware, HIDS. General Desktop OS and Server OS knowledge: TCP/IP, Internet Routing, UNIX / LINUX & Windows NT.

Posted 6 days ago


7.0 - 12.0 years

15 - 30 Lacs

Mumbai

Work from Office


1. SIEM Administration and Engineering: Oversee the installation, configuration, and maintenance of IBM QRadar. Develop and implement SIEM architecture and engineering strategies.
2. Rule & Use Case Development: Design, implement, and optimize custom rules, searches and dashboards. Develop and maintain advanced use cases for threat detection and incident response.
3. Incident Response and Forensics: Lead the investigation of complex security incidents escalated by L1 & L2 analysts. Perform deep-dive analysis of security events and conduct forensic investigations.
4. Performance and Optimization: Monitor and manage the performance of the QRadar environment. Conduct regular health checks and audits to ensure optimal SIEM performance.
5. Collaboration and Mentoring: Work closely with SOC analysts, IT, and security teams to enhance detection capabilities. Provide training and mentorship to L1 & L2 analysts on QRadar functionalities and best practices.
6. Documentation and Reporting: Develop and maintain comprehensive documentation for SIEM configurations, procedures, and incident responses. Generate detailed reports and metrics on SIEM performance and security incidents.
7. Continuous Improvement: Stay updated with the latest security trends, vulnerabilities, and technologies. Contribute to the development of security policies, standards, and guidelines.
Preferred: Mumbai/Pune based candidates ONLY.

Posted 1 week ago


7.0 - 9.0 years

10 - 15 Lacs

Hyderabad

Work from Office


Network Security Engineer L3: JD: Must have : 8+ years of 24*7 Production support experience in managing complex network infrastructure across different hardware platforms supporting global customers. 8+ years of Exp in Firewalls (Palo Alto, FortiGate, WAF) 6+ Years of Exp in Routing & Switching (Cisco, HPE) 4+ years of Exp in Load balancers Radware/ F5 4+ years of Exp in Cisco ACI 2+ years of Exp in Wireless Network (Aruba) 2+ years of Exp in DNS Proxy/SASE (Zscaler/Cisco/Netskope/Forti) Handson experience on Forti Manager, Forti Analyzer, Forti Authenticator Implementation and configuration experience on WAF Configure and Troubleshoot skills on Cisco ISE Able to Handle BCP Drills, experience in Designing Networks for New sites and Network Migrations Good to have: Understanding on Cloud Networks -AWS, Azure. IBM QRadar SIEM Knowledge on SOC Tools used for VA and PT Personal Attributes Self-starter - highly motivated and able to work productively with minimal guidance Strong team player with ability to deal with pre-defined timelines Should be able to prioritize tasks Should have the ability to deliver high quality services under aggressive release schedules. Role & responsibilities: Responsible to understand the customer expectations & need, then define the network & security requirements 24x7 rotational on-call support, including escalation to Emergency Response Team (ERT), driving Root Cause Analysis (RCA), Preventative action follow-through, and participation in weekly operations reviews. Will be a part of the Project execution team & Network Operations team Provide Quick resolution during Major Issues Responsible for Network & Security Evaluation & Proposals Analyse network and recommends upgrades/changes; assesses organization's current and future network need Preparing the Project Schedule for network activity. 
Participation in all on-going Network infrastructure initiatives including: Firmware/IOS upgrades, Hardware Technology Refreshes, Security hardening and Enterprise Monitoring process improvements. Implement Network security policies and procedures, in line with Clients objectives. Create and Maintain detailed up to date technical documentation (e.g. standards, process, Run Books) Candidates matching above requirement, can share CVs at sandhya.dhand@kfintech.com

Posted 1 week ago


5.0 - 9.0 years

7 - 13 Lacs

Bengaluru

Work from Office


Job Description: 5+ years of experience in Security Operations Center and Threat Hunting. Develop and refine threat hunting techniques and tools. Experience in monitoring and alert handling in QRadar SIEM. In-depth knowledge of advanced persistent threats (APTs) and attack vectors. Collaborate with threat intelligence teams to integrate new threat data into hunting processes. Security incident handling and reporting. Experienced in EDR alert analysis, preferably Sentinel One. Preferred candidate profile Bachelor's degree in computer science, Information Security, or related field. Should be flexible to work in 24/7 rotational shifts. Should possess good communication skills.

Posted 2 weeks ago


3.0 - 7.0 years

2 - 6 Lacs

Pune

Work from Office


About the Role We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, Deployment, Implementation and maintaining security posture for the organization. Key Responsibilities SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix). Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOP’s & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement. Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: B.E/B.Tech degree in computer science, Cybersecurity, or related field (preferred). 
1-3 years experience as Soc Admin Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration.

Posted 2 weeks ago


6.0 - 11.0 years

12 - 22 Lacs

Hyderabad

Work from Office


Candidate will be part of the Cyber Defence Group responsible for Implementing and maintaining SIEM for our customers. Candidate will be responsible for understanding the customer requirement, design, Develop and implement scalable SOC management solution (SIEM) for the customer Collaborate with customer team to define and establish logging standards to address specific customer mandated requirements Collaborate with key stakeholders at customer side as well as the SOC team to develop use cases to address specific business needs Lead Log onboarding from customer applications into the SIEM platform Develop connectors / parsers to index and normalize raw logs in the SIEM solution Implement and configure SOAR platform Create reporting templates to meet the requirements of our customers Who are we looking for? This is a technical role in our group and hence we are looking for someone who has 5+ years of experience in implementing and maintaining either PaloAlto Cortex XSIAM or IBM Qradar SIEM Solution. Should have hands on experience in cloud based integration and deployment. You should know any scripting language, preferably Python. Experience deploying and managing a large SIEM deployment in an enterprise or managing a MSSP platform for multiple customers. You should have strong understanding of security concepts, network protocols, application logging models You should have advanced knowledge on use case creation, parser development You should have in-depth understanding of events alerts reported by various data sources such as Windows/Unix systems, applications, databases, and network devices. You should at the minimum possess Vendor specific SIEM certification. You should have at least any of the following certification: RHCE or CCNA or CEH or MCSE If you are interested, please share your updated resume to asampta.zephrin1_ext@ltts.com

Posted 2 weeks ago


6.0 - 9.0 years

5 - 11 Lacs

Hyderabad, Chennai

Hybrid


Hiring for SOC Analyst in one of our Top Banking company @ Chennai & Hyderabad location Job Title: SOC Analyst Experience : 6 - 9 Years Department: Cybersecurity / Information Security Location: Chennai & Hyderabad Employment Type: Hybrid Mode - 3 days WFO and 2 days WFH . Job Summary: We are seeking a skilled and detail-oriented Security Operations Center (SOC) Analyst to join our cybersecurity team. The SOC Analyst will be responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents using a variety of tools and techniques. This role is critical to maintaining and improving our organization's security posture by ensuring real-time threat detection and incident response. Key Responsibilities: Monitor security alerts and events from SIEM tools (e.g., Splunk, QRadar, Microsoft Sentinel). Analyze and triage events to determine impact and severity. Investigate security incidents and provide incident reports with detailed analysis. Escalate validated threats and vulnerabilities to the appropriate teams and assist in mitigation efforts. Coordinate with IT teams to ensure containment, eradication, and recovery actions are taken for confirmed incidents. Perform threat intelligence analysis to support proactive detection and defense. Document incident handling procedures and maintain an incident knowledge base. Participate in continuous improvement of SOC operations, including playbooks and automation. Stay current on the latest cybersecurity trends, threats, and tools. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent work experience. 13 years of experience in a SOC or information security role. Experience with SIEM platforms, IDS/IPS, firewalls, and endpoint protection tools. Understanding of TCP/IP, DNS, HTTP, VPN, and network protocols. Knowledge of common threat vectors, MITRE ATT&CK framework, and kill chain. Strong analytical and problem-solving skills. 
Excellent communication skills and ability to work under pressure. Preferred Qualifications: Certifications such as CompTIA Security+, CEH, GCIA, GCIH, or Splunk Certified Analyst. Experience with scripting (e.g., Python, PowerShell) for automation. Familiarity with cloud security monitoring (e.g., AWS GuardDuty, Azure Defender). Exposure to incident response frameworks and forensic tools. Work Schedule: [24x7 shift-based / Regular business hours / On-call rotation as applicable]

Posted 3 weeks ago


2.0 - 4.0 years

6 - 10 Lacs

Hyderabad

Work from Office


We are seeking a talented and highly motivated Microsoft Sentinel SIEM Engineer to join our Dedicated Defense group. As a key member of our team, you will be responsible for deploying and maintaining Microsoft Security technologies to enhance threat detection, response, and overall security posture. This is an exciting opportunity for an individual with expertise in major SIEM technologies, aiming to help safeguard critical systems and data from evolving cyber threats. Responsibilities: Architect, deploy, and maintain Microsoft Sentinel for SIEM use cases including log ingestion, data normalization, and incident correlation. Manage and optimize Microsoft Defender for Endpoint, Identity, Cloud, Office 365, and other Defender tools to maximize protection and visibility. Develop custom queries,detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency. Lead the design and implementation of security monitoring, including data connectors, analytics rules, and incident automation. Collaborate with threat analysts and incident response teams to triage, investigate, and respond to security alerts and incidents. Provide technical guidance in security best practices, incident response procedures, and threat hunting using Microsoft security tools. Continuously assess the security landscape and recommend improvements to policies, tools, and configurations. In addition to strong technical acumen, the ideal candidate will bring excellent communication and client-facing skills to collaborate directly with customers, understand their security needs, and deliver tailored solutions that align with their risk posture and compliance requirements. 
Outcomes: Integration & Optimization: Integrate and optimize Microsoft Sentinel to improve visibility and automate threat detection workflows Threat Detection: Utilize Microsoft Sentinel AI-powered analytics to dashboard reports and automate critical reporting functions Automation & Playbook Development: Develop automated detection and response playbooks based on Microsoft data feeds, streamlining incident management and reducing time to resolution. Collaboration & Knowledge Sharing: Work closely with other security and IT teams to share threat intelligence, optimize SIEM use, and contribute to security strategy development. Reporting & Documentation: Develop and maintain dashboards, reports, and documentation related to Microsoft Sentinel deployment, performance, and incident metrics. Continuous Improvement: Continuously evaluate Microsoft Sentinel capabilities and other relevant security tools to recommend improvements and refine detection capabilities. Required Qualifications: 5 years of SIEM experience in Splunk, Qradar, Microsoft, and comparable SIEMS Hands-on experience with other SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel, etc.) and integrating them with endpoint security tools. Strong understanding of cybersecurity principles, threat detection, and SIEM management. Experience working with Sentinel One Core EDR technology Proficiency in scripting and automation (Python, PowerShell, etc.). Experience with cloud security (AWS, Azure, GCP) and cloud-native SIEM solutions is a plus. Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience). Preferred Qualifications: 5 years of experience in cybersecurity in a SOC or security engineering capacity. Proven hands-on expertise with Microsoft Sentinel and Microsoft Defender suite. Deep knowledge of Kusto Query Language (KQL) and building custom analytics rules and workbooks in Sentinel. Strong experience in customer-facing roles. 
Experience with incident response, threat detection, and threat hunting techniques. Strong understanding of cloud security, especially in Azure environments. Familiarity with MITRE ATT&CK, NIST, and other security frameworks. Experience integrating Sentinel with third-party solutions (e.g., threat intel feeds, ticketing systems).

Posted 3 weeks ago


3.0 - 6.0 years

12 - 18 Lacs

Pune

Work from Office


Job Description: We're searching for a Senior Security Engineer to assist our 24x7 managed security operations center. This role is in the Integration Department, responsible for the strategic, technical, and operational direction of the Integration Team.
Responsibilities:
• IBM QRadar / Sentinel / Datadog integration and content management, Event Collector deployment/upgrade.
• Troubleshooting skills at all layers of the OSI Model.
• Onboard all standard devices to QRadar, such as Windows Security Events, Firewalls, Antivirus, Proxy etc.
• Onboard non-standard devices by researching the product and coordinating with different teams, such as application onboarding or onboarding new security products.
• Developing and deploying connectors and scripts for log collection for cloud-based solutions.
• Detailed validation of parsing and normalization of logs before handing over to the SOC team will be the day-to-day job.
• Coordinate between customer and internal teams for issues related to log collection.
• The engineer needs to make sure that various teams have completed their tasks, such as log validation, Log Source Not Reporting (LSNR Automation), and content management before the log source is in production.
• Troubleshooting API-based log sources.
• Documentation of integrations and versioning.
Essential Skills:
• Prior SIEM administration and integration experience (QRadar, Splunk, Datadog, Azure Sentinel).
• Network and endpoint device integration and administration.
• Knowledge of device integration: log and flow collection.
• Knowledge of regular expressions and a scripting language (e.g. Bash, Python, PowerShell), API implementation and development.
• Knowledge of parser creation and maintenance.
• Knowledge of cloud technologies and implementation.
• Excellent verbal and written communication.
• Hands-on experience in networking, security solutions and endpoint administration and operations.
Additional Desired Skills:
• Excel, formulation
• Documentation and presentation
• Quick response on issues and mail with prioritization
• Ready to work in a 24x7 environment
Education Requirements & Experience:
• BE/B.Tech, BCA
• Experience Level: 3+ years

Posted 3 weeks ago


4.0 - 9.0 years

9 - 13 Lacs

Bengaluru

Work from Office


Diverse Lynx is looking for SOC Lead to join our dynamic team and embark on a rewarding career journey. Lead the SOC team and manage the organization's security operations Ensure that the SOC is staffed with skilled analysts and that the SOC team is executing their tasks efficiently and effectively Monitor and respond to security events and alerts to detect potential security incidents Manage security incidents and provide guidance on remediation Develop and maintain incident response plans and playbooks Collaborate with cross-functional teams to ensure security technologies, policies, and procedures align with business needs Develop and maintain security policies, standards, and procedures Conduct security awareness training for employees and contractors Experience with security information and event management (SIEM) tools such as Splunk or QRadar Excellent problem-solving and analytical skills Strong communication and interpersonal skills

Posted 1 month ago


7.0 - 12.0 years

10 - 20 Lacs

Hyderabad, Chennai

Hybrid


Roles & Responsibilities: We are seeking an experienced Vulnerability Management Engineer to join our Security Operations team. The ideal candidate will be responsible for identifying, tracking, and remediating vulnerabilities across cloud and on-premises environments, while also supporting broader security operations initiatives. Vulnerability Remediation & Patch Management: Work with InfoSec and IT teams to coordinate and track the remediation of vulnerabilities across the organization. Provide hands-on support in implementing and verifying patches for critical vulnerabilities on Windows, Linux, and cloud systems. Coordinate with infrastructure and application teams to validate patch readiness, test deployments, and confirm successful remediation. Ensure timely resolution of high and critical vulnerabilities in line with internal SLAs. Reporting & Compliance: Create and maintain weekly remediation reports outlining prioritization, risk classification, remediation status, and compliance metrics. Develop dashboards, trackers, and compliance summaries using internal tools (e.g., Excel, Power BI, or ServiceNow). Track patch management lifecycle from detection to closure with detailed documentation and metrics. Security Operations Support: Continuously monitor security alerts and events via tools like QRadar SIEM, Palo Alto Cortex XDR, and others to identify indicators of compromise. Investigate and respond to security incidents, including endpoint and email threats, escalating as needed. Tune SIEM rules and threat detection logic to reduce false positives and improve response efficiency. Stay updated on emerging threats, vulnerability disclosures, and zero-day advisories to support proactive mitigation. Policy & Documentation: Maintain detailed documentation of vulnerability management procedures, remediation efforts, patch testing results, and lessons learned. 
Support compliance initiatives (e.g., ISO 27001, HIPAA, GDPR) by ensuring vulnerability data and remediation timelines meet audit requirements. Qualifications: Experience : 6+ years in a Security Operations or Vulnerability Management role. Education : Bachelor's degree in Computer Science, Information Security, or a related field. Certifications (preferred): CISSP, CEH, CISM, CompTIA Security+, or equivalent. Technical Skills : Experience with tools like IBM QRadar, Palo Alto Cortex XDR, Qualys/Tenable/Nessus. Familiarity with cloud security in Azure and Microsoft 365. Strong understanding of patch management, CVSS scoring, and vulnerability lifecycle. Soft Skills : Strong analytical and communication skills. Ability to work cross-functionally with IT and infrastructure teams. Adaptability to changing threat environments and security priorities. Nice to Have: Experience building Power BI dashboards or using reporting tools to visualize patch status. Familiarity with ServiceNow or other ITSM platforms for tracking remediation tasks.

Posted 1 month ago


6.0 - 11.0 years

7 - 17 Lacs

Chennai

Work from Office


Roles and responsibilities: Design & Implementation: Understand the customer requirement, Architect, Design and implement scalable SIEM solutions. Develop Design documentations HLD and LLD SIEM components Installation Configure SIEM platform as per best practices. SIEM Operations: Lead Log source onboarding activities Develop / tune parsers to normalize raw logs sent to SIEM solution Create reporting templates to meet customer requirements Configuration management User management activities Build integrations with upstream and downstream applications for Orchestration and automation of Security responses Platform troubleshooting activities / Work with OEM to fix product level issues Health Monitoring Use case Management: Collaborate with key stakeholders at customer side as well as the SOC team to develop use cases to detect cyber threats. Develop Rules / parsers / reference data / analytics to implement the use cases in SIEM platform. Continues Use case development, testing and tuning to ensure detection logic is relevant and false positive rate is reduced. Preferred Qualifications 6+ years of experience deploying and managing large SIEM deployment for enterprise customers or managing MSSP platforms. Preferred SIEM experience: Microsoft Sentinel & IBM QRadar Experience working in SOC analysis / Incident response teams. Strong understanding of cybersecurity technologies, protocols, and applications Strong knowledge in MITRE attack framework and expertise in developing detections based on the framework. QRadar administration / deployment professional certifications, Microsoft Sentinel certifications

Posted 1 month ago


1.0 - 3.0 years

2 - 6 Lacs

Pune

Work from Office


About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. About the Role We are seeking a skilled SIEM Administrator to manage and optimize different SIEM solutions. The ideal candidate will be responsible for system administration, log integration, troubleshooting, Deployment, Implementation and maintaining security posture for the organization. Key Responsibilities SIEM Administration: Install, configure, maintain, and upgrade SIEM components. (IBM Qradar SIEM, DNIF, Splunk & Securonix). Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.) Custom log source integration and parser development. System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally. Monitor & regular health check perform for SIEM tools. troubleshoot system errors and resolve performance issues. Conduct regular performance tuning and capacity planning Perform root cause analysis for system failures & performance issues. Optimize system performance and storage management for SIEM Integration & Automation : Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with SIEM. Compliance & Audits: Ensure log retention policies comply with regulatory standards. Develop & enforce SIEM access controls & user roles/permissions. Documentation & Training: Document system configurations, SOP's & troubleshooting documents. Prepare monthly/ weekly reports and PPT, onboarding documentation as per business/ client requirement.
Dashboard & Report Development: Create & maintain custom dashboards & reports Optimize searches & reports for performance and efficiency. Other Knowledge Base: Hands on experience with Linux OS & Windows OS Basic to mediator level knowledge in networking skills Should be familiar with Azure, AWS or GCP products Required Skills & Qualifications: B.E/B.Tech degree in computer science, Cybersecurity, or related field (preferred). 1-3 years experience as SOC Admin Strong knowledge of SIEM architecture, log sources, and event correlation. Proficiency in log management, regular expressions, and network security concepts. Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.). Scripting knowledge (Python, Bash, or PowerShell) is a plus. Training or Certificate on Splunk or IBM Qradar Preferred. Soft Skills: Strong analytical and problem-solving skills. Excellent communication and documentation abilities. Ability to work independently and in a team. Must Have Skills: Hands-on experience with SIEM tools like IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel, DNIF etc. Proficiency in IBM Qradar & Splunk administration Configuring, maintaining, and troubleshooting SIEM solutions. Log source integration, parsing, and normalization. Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules. Familiarity with Linux and Windows system administration. Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you're passionate about technology and eager to make an impact, we'd love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

Posted 1 month ago

5.0 - 10.0 years

7 - 15 Lacs

Hyderabad

Work from Office

Job Description
The candidate will be part of the Cyber Defense Group responsible for implementing and maintaining SIEM for our customers: an SME with sound knowledge of SIEM engineering and SOC operations, providing governance support to the customer from a SOC perspective. The candidate will be responsible for understanding the customer requirement and designing, developing and implementing a scalable SOC management solution (SIEM) for the customer.
Collaborate with the customer team to define and establish logging standards that address specific customer-mandated requirements.
Collaborate with key stakeholders on the customer side as well as the SOC team to develop use cases that address specific business needs.
Lead cloud-based SIEM deployments and onboard cloud data sources.
Develop connectors/parsers to index and normalize raw logs in the SIEM solution.

Who are we looking for?
This is a technical role in our group, so we are looking for someone with 5+ years of experience implementing and maintaining either Palo Alto Cortex XSIAM or IBM QRadar SIEM.
Hands-on experience in cloud-based integration and deployment.
Experience deploying and managing a large SIEM deployment in an enterprise, or managing an MSSP platform for multiple customers.
Strong understanding of security concepts, network protocols and application logging models.
Advanced knowledge of use case creation and parser development.
In-depth understanding of the events and alerts reported by various data sources such as Windows/Unix systems, applications, databases, and network devices.
At minimum, a vendor-specific SIEM certification.
At least one of the following certifications: RHCE, CCNA, CEH or MCSE.

Posted 1 month ago

3 - 8 years

6 - 13 Lacs

Noida

Work from Office

Managed Services SOC Manager
Job Summary: The Security Operations Center (SOC) Security L-2 Analyst serves on a SOC team and is responsible for conducting information security investigations resulting from security incidents identified by the Level-1 security analysts, who monitor the security consoles fed by the various SOC entry channels (SIEM, tickets, email and phone). The L2 SOC Security Analyst is expected to have a solid understanding of information security and computer systems concepts and should be ready to work in shifts. An engineer in this position acts as the point of escalation for Level-1 SOC security analysts, providing guidance and oversight on incident resolution and containment techniques.

Job Description:
Conduct information security investigations arising from the security incidents identified by the Level-1 analysts who monitor the SOC entry channels (SIEM, tickets, email and phone).
Act as the point of escalation for Level-1 SOC security analysts, providing guidance and oversight on incident resolution and containment techniques.
Experience developing new correlation rules and writing parsers.
Experience in log source integration.
Act as the lead coordinator for individual information security incidents.
Mentor security analysts on risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, procedures) in support of the technologies managed by the Security Operations Center.
Document incidents from initial detection through final resolution.
Participate in security incident management and vulnerability management processes.
Coordinate with IT teams on escalations, tracking, performance issues, and outages.
Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
Communicate effectively with customers, teammates, and management.
Prepare monthly executive summary reports for managed clients and continuously improve their content and presentation.
Provide recommendations on tuning and optimization of security systems and of SOC security processes, procedures and policies.
Define, create and maintain SIEM correlation rules, customer build documents, and security processes and procedures.
Follow ITIL practices for incident, problem and change management.
Stay up to date with emerging security threats, including applicable regulatory security requirements.
Maintain an inventory of the procedures used by the SOC; regularly evaluate them and add, remove, and update procedures as appropriate.
Publish weekly reports to the applicable teams and generate monthly reports on SOC activity.
Secondary skills such as AV, HIPS, DCS and VA/PT are desirable.

Required Technical Expertise:
Must have experience with a SIEM management tool (QRadar).
Certifications such as ITIL, CCNA, CEH, a VA product certification, or CISM.
Process and procedure adherence.
General network knowledge and TCP/IP troubleshooting.
Ability to trace an endpoint on the network based on ticket information.
Familiarity with system log information and what it means.
Understanding of common network services (web, mail, DNS, authentication).
Knowledge of host-based firewalls, anti-malware and HIDS.
General desktop OS and server OS knowledge: TCP/IP, Internet routing, UNIX/Linux and Windows NT.

Posted 1 month ago

- 5 years

3 - 8 Lacs

Pune

Work from Office

Role & Responsibilities
SIEM Administration: Install, configure, maintain, and upgrade SIEM components (IBM QRadar SIEM, DNIF, Splunk and Securonix).
Log Management: Onboard, parse, and normalize logs from various data sources (firewalls, servers, databases, applications, etc.); custom log source integration and parser development.
System Monitoring & Troubleshooting: Ensure SIEM tools are functioning optimally; perform regular health checks on the SIEM tools; troubleshoot system errors and resolve performance issues; conduct regular performance tuning and capacity planning; perform root cause analysis for system failures and performance issues; optimize system performance and storage management for the SIEM.
Integration & Automation: Integrate third-party security tools (firewalls, EDR, threat intelligence feeds) with the SIEM.
Compliance & Audits: Ensure log retention policies comply with regulatory standards; develop and enforce SIEM access controls and user roles/permissions.
Documentation & Training: Document system configurations, SOPs and troubleshooting guides; prepare monthly/weekly reports, presentations and onboarding documentation as per business/client requirements.
Dashboard & Report Development: Create and maintain custom dashboards and reports; optimize searches and reports for performance and efficiency.

Other Knowledge Base
Hands-on experience with Linux and Windows.
Basic to intermediate networking skills.
Familiarity with Azure, AWS or GCP products.

Required Skills & Qualifications
Bachelor's degree in computer science, cybersecurity, or a related field (preferred).
Strong knowledge of SIEM architecture, log sources, and event correlation.
Proficiency in log management, regular expressions, and network security concepts.
Experience integrating SIEM with various security tools (firewalls, IDS/IPS, antivirus, etc.).
Scripting knowledge (Python, Bash, or PowerShell) is a plus.
Training or certification on Splunk or IBM QRadar preferred.

Soft Skills
Strong analytical and problem-solving skills.
Excellent communication and documentation abilities.
Ability to work independently and in a team.

Must Have Skills
Hands-on experience with SIEM tools such as IBM QRadar, Splunk, Securonix, LogRhythm, Microsoft Sentinel and DNIF.
Proficiency in IBM QRadar and Splunk administration.
Configuring, maintaining, and troubleshooting SIEM solutions.
Log source integration, parsing, and normalization.
Strong knowledge of TCP/IP, DNS, HTTP, SMTP, FTP, VPNs, proxies, and firewall rules.
Familiarity with Linux and Windows system administration.
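Several of the listings above ask for the same three hands-on skills: custom log source parsing with regular expressions, normalizing events from different sources into one schema, and writing correlation rules. The following is an added example of what that work looks like in code; it is not taken from any of the job postings or from QRadar, Splunk or any other product named on this page. The two log formats (a key=value firewall line and an sshd-style auth line), the field names of the normalized schema, and every sample log line are constructed for illustration.

```python
"""Added example: parse two constructed log sources into one normalized
event schema, then run a single correlation rule over the result.
Formats, field names and sample lines are all hypothetical."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Both sources arrive in a syslog-style wrapper
# "<timestamp> <host> <message>"; the firewall message is key=value, the
# Linux host message is free text in the style of sshd.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z fw01 FW: action=deny src=203.0.113.7 dst=10.0.0.5 dpt=22 proto=tcp
2024-05-01T10:00:03Z srv01 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
2024-05-01T10:00:05Z srv01 sshd[1202]: Failed password for admin from 203.0.113.7 port 51235 ssh2
2024-05-01T10:00:07Z srv01 sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2
2024-05-01T10:00:09Z srv01 sshd[1204]: Failed password for root from 203.0.113.7 port 51237 ssh2
2024-05-01T10:00:11Z srv01 sshd[1205]: Failed password for root from 203.0.113.7 port 51238 ssh2
2024-05-01T10:00:40Z srv01 sshd[1206]: Accepted password for root from 203.0.113.7 port 51239 ssh2
2024-05-01T10:05:00Z srv01 sshd[1300]: Failed password for alice from 198.51.100.9 port 40001 ssh2
2024-05-01T10:05:02Z fw01 FW: garbage line that matches nothing
"""

SYSLOG_HEADER = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")

# One regex per log source. Named groups become fields of the normalized
# event, so adding a source means adding one entry here.
PARSERS = {
    "fw": re.compile(
        r"^FW: action=(?P<outcome>\w+) src=(?P<src_ip>[\d.]+) dst=(?P<dst_ip>[\d.]+)"
        r" dpt=(?P<dst_port>\d+) proto=(?P<proto>\w+)$"),
    "sshd": re.compile(
        r"^sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+)"
        r" from (?P<src_ip>[\d.]+) port \d+"),
}
# Map each source's vocabulary onto one set of outcome values.
OUTCOME_MAP = {"Failed": "failure", "Accepted": "success", "deny": "deny", "allow": "allow"}


def parse_line(line):
    """Return a normalized event dict, or None if no parser matches."""
    head = SYSLOG_HEADER.match(line)
    if not head:
        return None
    for source_type, rx in PARSERS.items():
        m = rx.match(head["msg"])
        if m:
            ev = {"ts": datetime.strptime(head["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                  "host": head["host"], "source_type": source_type,
                  "user": None, "raw": line}
            ev.update(m.groupdict())
            ev["outcome"] = OUTCOME_MAP.get(ev["outcome"], ev["outcome"])
            return ev
    return None


def normalise(text):
    """Parse every line; return (events, unparsed_lines).
    Unparsed lines are kept, not dropped: their count is the health signal
    that tells an administrator a source's format changed."""
    events, unparsed = [], []
    for line in text.splitlines():
        ev = parse_line(line)
        (events if ev else unparsed).append(ev or line)
    return events, unparsed


def correlate(events, threshold=5, window=timedelta(seconds=60),
              follow=timedelta(minutes=10)):
    """Rule: >= threshold SSH auth failures from one source IP inside a
    sliding `window` raises a brute-force offense; a later success from the
    same IP within `follow` upgrades that offense's severity."""
    by_src = defaultdict(list)   # src_ip -> timestamps of recent failures
    offenses = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["source_type"] != "sshd":
            continue
        src = ev["src_ip"]
        if ev["outcome"] == "failure":
            hist = by_src[src]
            hist.append(ev["ts"])
            while hist and ev["ts"] - hist[0] > window:   # expire old failures
                hist.pop(0)
            if len(hist) >= threshold and not any(o["src_ip"] == src for o in offenses):
                offenses.append({"rule": "ssh_brute_force", "src_ip": src,
                                 "count": len(hist), "first": hist[0],
                                 "last": ev["ts"], "severity": "medium"})
        elif ev["outcome"] == "success":
            for o in offenses:
                if o["src_ip"] == src and ev["ts"] - o["last"] <= follow:
                    o.update(rule="ssh_brute_force_then_success",
                             severity="high", user=ev["user"])
    return offenses


if __name__ == "__main__":
    evs, bad = normalise(SAMPLE_LOGS)
    print(f"parsed {len(evs)} events, {len(bad)} unparsed")
    for o in correlate(evs):
        print(o["severity"], o["rule"], o["src_ip"], o["count"], o.get("user"))
```

Two design points carry over to real SIEM work: the parsers are data (a table of regexes), so onboarding a new source does not touch the correlation logic, and the rule runs on the normalized `outcome`/`src_ip` fields rather than on raw text, which is what lets one rule cover sshd today and a VPN or Windows logon source tomorrow once its parser maps onto the same schema.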

Posted 1 month ago
