
SOC ADMIN C2H POSITION IN IBM

3.00 to 5.00 Years | Mumbai City | 16 Mar, 2022
Job Location: Mumbai City
Education: Not Mentioned
Salary: Rs 2.0 - 5 Lakh/Yr
Industry: IT - Hardware / Networking
Functional Area: Network / System Administration
Employment Type: Full-time

Job Description

Payroll: IT SOURCE
Client: IBM
Project Client: HDFC
Location: Mumbai
C2H Position
Hiring for SOC Admin - QRadar Admin and QRadar Architecture

CSOC Roles & Responsibilities

SOC System Administration

1 Service Requirement
Administration and maintenance of SOC Infra/Systems deployed in the Bank. The Systems include:
1) QRadar Devices/Servers ~ 25 Physical Machines + 43 VMs. (Required till phasing-out)
2) Securonix Devices/Servers ~ 70 nos.
3) Threat Intelligence Platform (TIP) Devices/Servers ~ 26 VMs.

1.1 Coverage
• Coverage for SOC System Administration: 24x7x365 on-site coverage.

1.2 Qualifications
• Resource Qualifications: B. Tech / B.E. or equivalent degree or above in the field of CS/IT.
• Resource Experience: Minimum 3 years in SIEM implementation and administration/management.

1.3 Roles & Responsibilities
1. Daily checklist/dashboard for SOC systems/infra health monitoring (CPU utilization, memory utilization, HDD space, TI feed status, etc.).
2. Publish the SIEM EPS consumption dashboard (weekly). Also suggest best practices for reducing EPS consumption wherever possible.
3. Perform health and availability monitoring and notification for the systems, and resolve notifications/errors.
4. Validate successful configuration backup and log archival based on Bank policies.
5. Notify the Bank's senior stakeholders in case any critical essential feed, process or service goes down from a CSOC perspective.
6. Work on automation requirements through APIs (integrate SIEM, CA Service Desk, XSOAR, TIP, etc.).
7. Rules management (development, testing and change management) and baseline review for SIEM log sources.
8. Integrate supported/unsupported log sources in the SIEM, in coordination with the application team/server team. Develop custom parsers for new custom applications and security devices to collect and analyse logs that are not supported by the SIEM by default.
9. Update content/reference sets on a daily basis, depending on receipt of the same from the authorized TI sources.
10. Integrate new Threat Intelligence feed sources.
11. Perform SIEM version and patch upgrades, and perform the required pre-checks before initiating.
12. Performance optimization, i.e. reduce stored/unknown events, log baseline review of high-EPS log sources, index management for frequently searched attributes, review QID mapping for custom parsers, review and improve incomplete accumulations, custom event property optimization, custom rule tuning, WinCollect profile fine-tuning.
13. Troubleshoot non-logging cases and coordinate with the relevant stakeholders for resolution.
14. Deletion/clean-up/disabling of unused integrated devices after a duly approved CR/Call ID.
15. Provide audit evidence whenever required, after taking approval from the Bank team.
16. Run the vulnerability scanner (using QVM) and collect vulnerability information for Bank assets, and run discovery scans to find rogue assets.
17. Follow the approved Change/Release process for changes to the infrastructure. Prepare a plan of action and roll-back plan for all activities.
18. Periodic health checks (quarterly) and prepare a report along with remediation for all findings.
19. User access management activity (monthly) / user dormancy report creation.
20. Preparation of the MBSS document (yearly).
21. Preparation of the Capacity Management document (quarterly).
22. Prepare the non-logging bucketing report (quarterly).
23. Network hierarchy updating (bi-annually).
24. Preparation and review of the SOC infrastructure diagram (bi-annually) and update of the SOC infra server inventory (bi-annually).
25. Raise tickets with the respective OEM for issues observed in SOC infrastructure (hardware and software), provide all details of the issue, upload logs requested by the support team, and follow up with the support team for closure of the tickets.
26. Manage/track/respond to Call IDs raised by various teams for troubleshooting incidents, reference set updates, informational requests, integrations, etc., and make sure they are closed without SLA breach.

Key skills: qradar, qradar architecture
