The preferred location for this position is an IBM office in one of the following areas; however, we may consider remote work:
San Jose, CA
Research Triangle Park, NC
The IBM Cloud Operations Services (SOS) team is looking for additional team members to assist with our growing demand for services across multiple IBM offerings. The candidate should be a motivated team player with a strong desire for standardization and automation. The SOS team is designed to solve the most common security and availability requirements of Cloud applications. SOS helps teams standardize on a common set of tools, providing efficiency of costs and capabilities. Our services are developed to support a diverse set of delivery environments of varying sizes, including cloud, co-locations, and managed service deployments. The goal of SOS is to provide a common view across IBM Cloud offerings.

QRadar Systems Administrators assist users in finding the proper balance between security and controls versus business risk, keeping in mind the relation to the user's organization, culture and ecosystem. Typical examples of the deliverables include:
Log source classification
Network hierarchy identification and creation
Security Information and Event Management (SIEM) rule creation and refinement
Asset classification models
Risk analysis reports
Information security policies
Security solution scenarios
Security effectiveness evaluation reports
Security awareness workshops
Owning installation and management of QRadar infrastructure (Red Hat Enterprise Linux (RHEL) images for QRadar SIEM).
Sizing of QRadar event collector images at offering sites (bare metals and/or virtuals).
Management of "QRadar Appliance" builds.
Coordinate extensively with networking teams to establish and maintain communication to remote QRadar Collectors/Processors.
Work with business units to ensure they know what and how to feed data into QRadar.
Work with business units to create the network hierarchy and building blocks, and to classify log sources within the QRadar SIEM.
Work with teams on tuning the QRadar application to suppress false-positive security events or alert on them.
Work closely with offering teams on implementation and growth planning for installations of event processors/collectors.
Break-fix triage, resolution and restoration of service for QRadar application and event collector images.
At least 2 years' proficiency with Q1 QRadar SIEM in a role with key responsibilities similar to those above
At least 3 years' experience in Linux Operating System (OS) administration
At least 3 years' experience with Transmission Control Protocol / Internet Protocol (TCP/IP), including fundamentals such as the Open System Interconnection (OSI) layers
Routing protocols and technologies
Security technologies and best practices
Scripting and automation skills (Bash, Perl, etc.)