IBM QRadar SIEM - Systems Administrator in Raleigh, North Carolina

The preferred location for this position is an IBM office in one of the following areas; however, we may consider working remotely:

  • San Jose, CA

  • Littleton, MA

  • Rochester, MN

  • Research Triangle Park, NC

  • Austin, TX

  • Dallas, TX

The IBM Cloud Operations Services (SOS) team is looking for additional team members to assist with our growing demand for services across multiple IBM offerings. The candidate should be a motivated team player with a strong desire for standardization and automation. The SOS team is designed to solve the most common security and availability requirements of Cloud applications. SOS helps teams standardize on a common set of tools, providing efficiency of costs and capabilities. Our services are developed to support a diverse set of delivery environments of varying sizes, including cloud, co-locations, and managed service deployments. The goal of SOS is to provide a common view across IBM Cloud offerings.

QRadar Systems Administrators assist users in finding the proper balance between security and controls vs. business risk, keeping in mind the relation to the user's organization, culture and ecosystem. Typical examples of the deliverables include:

  • Log source classification

  • Network hierarchy identification and creation

  • Security Information and Event Management (SIEM) rule creation and refinement

  • Asset classification models

  • Risk analysis reports

  • Information security policies

  • Security solution scenarios

  • Implementation plans

  • Security services

  • Organization models

  • Procedures

  • Security effectiveness evaluation reports

  • Security awareness workshops

Key Responsibilities:

  • Owning installation and management of QRadar infrastructure (Red Hat Enterprise Linux (RHEL) images for QRadar SIEM).

  • Sizing of QRadar event collector images at offering sites (bare metals and/or virtuals).

  • Management of "QRadar Appliance" builds.

  • Coordinate extensively with networking teams to establish and maintain communication to remote QRadar Collectors/Processors.

  • Work with business units to ensure they know what and how to feed data into QRadar.

  • Work with business units to create the network hierarchy and building blocks, and to classify Log Sources within the QRadar SIEM.

  • Work with teams tuning the QRadar application to suppress or alert on false positive security events.

  • Closely work with offering teams on implementation and growth planning for installations of event processors/collectors.

  • Break-fix triage, resolution and restoration of service for QRadar application and event collector images.


  • The schedule for this position is flexible to be either 1st shift or 2nd shift (4:00/6:00PM to 12:00/2:00AM)


  • At least 2 years' proficiency with Q1 QRadar SIEM in a role with key responsibilities similar to those above

  • At least 3 years' experience in Linux Operating System (OS) administration

  • At least 3 years' experience with Transmission Control Protocol / Internet Protocol (TCP/IP), including fundamentals such as the various Open System Interconnection (OSI) layers

  • Routing protocols and technologies

  • Security technologies and best practices

  • Windows/Unix-specific networking

  • Scripting and automation skills (Bash, Perl, etc.)

Cloud Development