IBM Security Information and Event Management (SIEM) Correlation Engineer in United States

Job Description

IBM Security is focused on developing top talent and industry leading skills. IBM believes in career growth and flexibility.

Engage with the biggest companies, go up against the most sophisticated security challenges and connect with talented and creative minds. What makes security so exciting is that it's never static. Techniques that worked last year no longer work, which makes a role with IBM Security essential, fast paced and exciting.

The IBM Security Business Unit in the Nordics is looking for a SIEM Correlation Engineer to support a variety of exciting projects across all industry sectors. The SIEM Engineer role calls for a proven record in the industry with experience in one or more areas of SIEM tools. The SIEM Engineer will act as subject matter expert in the area of SIEM and is responsible for hands-on implementation of the QRadar SIEM solution.

The SIEM Engineer has the following responsibilities:

  • creates, modifies and tunes the system rules to adjust the specifications of alerts and incidents

  • creates scheduled reports, integrates the SIEM with multiple systems and on-boards the log sources

  • ensures conversion and configuration of the use cases to SIEM rules

  • performs maintenance and administration (software updates, troubleshooting issues, etc.) of the SIEM components

  • contributes to requirement gathering and PoCs during the sales process

The SIEM Engineer will work with the customer's or IBM's designated personnel to provide continual correlation rule tuning, prioritization recommendations, report query adjustments, and various other configuration activities in order to help the customer fully optimize the SIEM system capabilities.

Projects are based across the Nordic countries, often on client premises, so the ability and willingness to travel is an essential requirement.

Work placement: one of the Nordic countries. Ideally you are fluent in the language of the country in which you are located.

Are you our next Security colleague? Apply now with your CV and cover letter!

Required Technical and Professional Expertise

  • Has at least 4-5 years of experience in supporting security technologies, of which 1-2 years is SIEM-related experience

  • Has in-depth knowledge of SIEM, its ability to integrate and absorb data from associated security technologies, and its role in a Security Operations Center

  • Has in-depth knowledge of TCP/IP communication and flow (NetFlow) technologies

  • Demonstrated hands-on experience with QRadar SIEM deployment, configuration and maintenance is highly desired

  • Has experience of integrating the SIEM with other systems (Vulnerability scanner, AD, etc.)

  • Has experience of on-boarding of the log sources

  • Has experience and capability of translating business-driven use cases into SIEM rules on QRadar

  • Has knowledge to create High Level Design and Low Level Design for SIEM solutions

  • Has working knowledge of the Unix and Windows platforms

Preferred Tech and Prof Experience

  • SIEM (QRadar) certification is preferred

  • Expertise in Security Operations Center environment covering people, process & technology components

  • Knowledge and work experience using ITIL

  • Good documentation, communication and presentation skills

  • Work experience in complying with regulatory requirements

EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.