2,293 Siem jobs in India

"Essential Job Functions:-
Individuals at this job are responsible for managing SIEM infrastructure like Microsoft Azure Sentinel and / or other SIEMs
Working knowledge of Microsoft Azure cloud platform, log analytics workspaces.
Excellent knowledge of KQL (Kusto Query Language).
Writing SIEM rules (Cross device and complex correlation) to implement detection in Microsoft Azure Sentinel and / or other SIEM.
Creating playbooks to implement SOAR in Microsoft Azure Sentinel.
Integration of log sources with Azure Sentinel and ArcSight.
Excellent knowledge of Logstash, ELK.
Creating and implementing logic apps in Azure Sentinel.
Creating workbooks to implement dashboards and apps.
Read coded scripts and modify and debug programs.
Develop custom parsers to parse logs from different sources including firewalls, operating systems, applications, etc.
Work on various operating systems and platforms."

Talent Worx is seeking an experienced SIEM Manager to oversee our Security Information and Event Management (SIEM) solutions and ensure the protection of our organization's information systems. In this role, you will be responsible for managing and enhancing the SIEM infrastructure, analyzing security events, and coordinating incident response efforts.

Your expertise will be crucial in developing strategies to detect, analyze, and respond to security threats and vulnerabilities. You will work closely with various teams to implement best practices in security monitoring and incident management.

Requirements

Key Responsibilities:

• Manage and optimize the SIEM environment to ensure effective monitoring and analysis of security events.
• Develop and implement security intelligence strategies to identify and respond to threats in real-time.
• Oversee incident response activities, including investigation, analysis, and remediation of security incidents.
• Collaborate with IT and security teams to establish security policies, procedures, and best practices.
• Conduct security assessments and audits to identify vulnerabilities and recommend improvements.
• Provide training and guidance to team members on SIEM operations and incident response.
• Prepare and present reports on security incidents and trends to management.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 5+ years of experience in security operations, with a focus on SIEM management.
• Strong knowledge of SIEM tools and technologies (e.g., Splunk, ArcSight, QRadar).
• Experience in incident response and threat intelligence.
• Familiarity with regulatory compliance standards (e.g., PCI-DSS, HIPAA, GDPR).
• Excellent analytical, problem-solving, and communication skills.
• Relevant certifications (e.g., CEH, CISSP, CISM) are a plus.

Benefits

Work with one of the Big 4's in India

Healthy work Environment

Work Life Balance

Hyderabad, Andhra Pradesh, India

Job Description:

1. Should have strong knowledge in Microsoft Sentinel SIEM engineering activities.
2. Should have performed SIEM engineering role more than 5 years.
3. Should have expertise in building custom analytical rules, tuning of analytical rules, building automation through logic apps, management of entire product feature, end to end configuration/administration.
4. Should have expertise in forming KQL queries and functions for complex detection and monitoring requirements.
5. Should have strong knowledge in MITRE attack framework and expertise in developing detections across framework.
6. Should have expertise in log management, retention configurations, maintenance of logs at low cost, performing access management, developing new custom dashboard based on different requirements.
7. Should have proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, maintenance of local agents.
8. Should have expertise in integrating data sources which are not supported by Sentinel tool OOB. Custom parser development and ability to solve technical issues in Sentinel.
9. Should have ability to prepare and maintain policy and procedure documentations around SIEM technology, document life cycle management skill is required.
10. Should have expertise in consuming contents from content hub and management of log analytics workspace and ability to handle issues in MMA and AMA agents. (Hands-on in migrating agents from MMA to AMA will be added advantage)
11. Should have knowledge and experience in data transformation rules and data collection rules concepts in Sentinel.
12. Should have proven record of participation in customer or client reviews or global certifications regarding security controls in SIEM. Compliance and regulatory requirements understandings are good to have.
13. Should have ability to work with stakeholders to solve technical issues and must support and deliver complex business, security, and operational requirements.
14. Should have ability to work with vendor technical support group and driving issues towards effective and permanent closure.
15. Preference should be given for candidates completed expert training and certifications in Sentinel and Defender products of Microsoft.
16. Good to have strong knowledge in Microsoft Sentinel pricing, Microsoft defender products, Microsoft Cloud services and Azure Arc.

OTHER  

QUALIFICATIONS, EXPERIENCE AND SKILLS

Knowledge and Experience

Soft Skills

Technical Skills 

#LI-MP1

Role – Senior. SIEM Administrator - ELK

Responsibilities:

·    Configure, and maintain the SIEM platform (ELK)

·   Develop and fine-tune correlation rules, alerts, and dashboards to support SOC use cases. Onboard log sources from various platforms (Windows, Linux, cloud, network devices, applications).

·   Perform health checks, upgrades, and patch management of SIEM components.

·   Work closely with SOC analysts to improve detection capabilities and reduce false positives.

·   Collaborate with threat intel and incident response teams to create advanced detection logic.

·   Automate log ingestion and alert tuning using scripting (Python, PowerShell, etc.).

·   Develop and maintain documentation, runbooks, and standard operating procedures (SOPs).

Beneficial:

·   Good Documentation skills

·   Good at Incident Management.

Personal Characteristics:

·   Strong communication skills, ability to work comfortably with different regions

·   Actively participate within internal project community  

·   Good team player, ability to work on a local, regional and global basis and as part of joint cross location initiative.

·   Self-motivated, able to work independently and with a team.

Inspira Enterprise India is seeking a highly skilled and experienced QRadar SIEM Administrator to join our dedicated cybersecurity team. The ideal candidate will possess proven expertise in the deployment, configuration, and administration of IBM QRadar SIEM environments . This role is crucial for ensuring robust log collection, system health, and optimizing security use cases to enhance threat detection and incident response capabilities for our clients.

• Deploy, configure, and administer IBM QRadar SIEM environments , ensuring optimal performance, scalability, and high availability.
• Perform comprehensive data source onboarding and integration , ensuring successful and accurate log collection from diverse systems such as Windows servers, Linux machines, firewalls, network devices (routers, switches), and other security tools.
• Continuously monitor system health and performance of QRadar components, ensuring proper event flow, data parsing, and correlation.
• Work closely with Security Operations Center (SOC) teams to develop, test, and optimize security use cases, rules, and correlation logic for enhanced threat detection.
• Provide expert support and troubleshooting for all QRadar-related issues and incidents, ensuring rapid resolution and minimal disruption.
• Collaborate effectively with clients and internal stakeholders to understand their security requirements and deliver appropriate, tailored SIEM solutions.
• Meticulously document deployment steps, configurations, and standard operating procedures (SOPs) for QRadar operations and incident response.
• Continuously assess and improve SIEM configurations and rule tuning for enhanced detection capabilities, reducing false positives and improving alert fidelity.
• Maintain up-to-date knowledge of SIEM technologies, emerging security trends, and the evolving threat landscape to proactively enhance QRadar capabilities.

• QRadar Expertise: Proven experience in QRadar SIEM administration and deployment , demonstrating hands-on proficiency with the platform's features and functionalities.
• SIEM Fundamentals: Strong knowledge of SIEM fundamentals (e.g., event collection, normalization, correlation, reporting) and practical experience with security operations workflows and incident lifecycle.
• Operating Systems: Hands-on experience with both Linux and Windows operating systems for log management, agent deployment, and basic troubleshooting.
• Data Integration: Proficiency in data source integration and log ingestion techniques from various technologies and platforms.
• Security Operations: Good understanding of SOC use cases, incident response methodologies, and threat detection strategies .
• Analytical Skills: Strong analytical and problem-solving skills to diagnose complex technical issues and optimize SIEM performance.
• Communication & Stakeholder Management: Excellent customer communication and stakeholder management skills, with the ability to convey technical information clearly and build strong relationships.
• Documentation: Demonstrated ability to create detailed, clear, and concise technical documentation for configurations, procedures, and troubleshooting guides.