Intrinsic Security
QRadar SIEM Consultant – Implementation & Support
Intrinsic Security | Qatar | 1 day ago
Full-time | Remote Friendly | Information Technology

Experience Required: Minimum 5+ years of hands-on experience in IBM QRadar SIEM implementation, integration, administration, support, and use case development.

Job Type: 3-month full-time contract, onsite in Qatar; 15-18k QAR


Job Summary:

We are seeking an expert-level IBM QRadar SIEM Consultant to deliver comprehensive implementation and support services. The ideal candidate will work closely with enterprise clients to deploy QRadar SIEM, integrate critical log sources, fine-tune detection capabilities, perform root cause analyses, and provide continuous support aligned with industry best practices and compliance mandates.


Primary Responsibilities:

1. Implementation & Deployment:

- Design enterprise-grade QRadar architectures, including distributed deployments with Event Collectors, Event Processors, and Flow Collectors.

- Execute fresh installations, HA pairings, and data node configurations.

- Perform architecture reviews and enhancements for existing QRadar deployments.

- Develop custom log source parsers (LSX/DSM) using regex and Log Source Protocol Configuration (LSPC).

- Integrate critical infrastructure: EDR (CrowdStrike, Defender, SentinelOne), firewalls (Palo Alto, Fortinet, Check Point), IDS/IPS, WAF, proxy, email security, AD/LDAP, and cloud platforms (AWS, Azure, GCP).

- Configure external threat feeds (STIX/TAXII) and integrate MITRE ATT&CK mappings.


2. Log Management and Data Onboarding:

- Assess log requirements for compliance (PCI-DSS, ISO 27001, NESA, NIST) and threat detection.

- Define retention and storage policies and optimize EPS/FPS for scalability.

- Ensure reliable onboarding using syslog, TLS, JDBC, and Universal Cloud REST API connectors.

- Perform normalization, categorization, and relevance tagging using custom DSMs and properties.


3. Correlation & Use Case Development:

- Design and implement correlation rules using CRE with time window, sequence-based logic, and behavioral patterns.

- Use AQL for advanced rule logic and create reference sets, maps, and dynamic lists.

- Develop comprehensive use case frameworks (MITRE ATT&CK-aligned).

- Simulate attack scenarios to validate use cases and correlation rule behavior.

- Configure tuning strategies to reduce false positives using building blocks and rule thresholds.


4. Offense and Alert Management:

- Fine-tune offense rules, categories, and prioritization schemes based on asset criticality.

- Define escalation paths and configure offense assignment automation.

- Integrate with SOAR platforms (IBM Resilient, ServiceNow SecOps, TheHive).

- Create offense dashboards and KPI-driven reporting for SOC.


5. Reporting, Dashboards, and Compliance:

- Build custom dashboards, reports, and saved searches for technical and executive users.

- Align reporting with compliance requirements (SOC2, GDPR, HIPAA, etc.).

- Automate report distribution and log archival for audits.


6. System Administration & Maintenance:

- Monitor system health via System Notifications, Ariel Query latency, and ECS logs.

- Apply updates, patch management, and fix packs (manual and automatic methods).

- Conduct backup & restore, configuration migration, and license renewals.

- Optimize storage using retention buckets and data aging policies.


7. Support & Troubleshooting:

- Troubleshoot log collection failures, ECS-EC issues, Ariel DB performance, rule engine behavior, and tuning conflicts.

- Coordinate with IBM Support for PMRs, bug fixes, and RFEs.

- Conduct root cause analyses (RCAs) and develop knowledge base articles.


8. Client Management & Documentation:

- Conduct technical workshops, requirement gathering sessions, and environment assessments.

- Create HLDs, LLDs, Implementation Runbooks, and SOPs.

- Provide client-facing presentations and training sessions, and run knowledge transfer (KT) programs.

- Support transition from implementation to SOC operations with detailed handover documentation.


Qualifications & Skills:

- Bachelor’s or Master’s in Computer Science, Information Security, or related fields.

- IBM Certified Deployment Professional – QRadar SIEM (Mandatory).

- 5+ years of implementation/support experience with QRadar.

- Strong understanding of TCP/IP, Windows/Linux systems, and enterprise security products.

- Expertise in QRadar components (ECS, AQL, CRE, DSM, QFlow, QRadar Network Insights).

- Deep knowledge of threat detection, SOC operations, and incident response workflows.

- Familiarity with DevSecOps, Agile, and ITIL environments.

- Scripting: Python, Bash, or PowerShell (for parser customization and automation).


Desirable Skills:

- QRadar SOAR, UBA, and QROC experience.

- Familiarity with QRadar Apps (Threat Intelligence, Log Source Management, Pulse, etc.).

- Exposure to QRadar on Cloud and hybrid log management.

- Understanding of SIEM migration projects (e.g., Splunk to QRadar).

- Knowledge of asset and vulnerability management integration.


Deliverables (For Professional Services Engagement):

- High-Level and Low-Level Design Documentation.

- Implementation Plan and Acceptance Criteria.

- Configured QRadar solution with required use cases.

- Validated log source integrations with parsing verification.

- Offense rules with MITRE ATT&CK correlation and tuning guide.

- User training manual and knowledge transfer session recordings.

- Support runbook with troubleshooting steps and escalation matrix.


Why Join Us / About the Company:

Intrinsic is a cybersecurity-focused organization with global clientele and specialized expertise in threat detection, SIEM/SOAR implementation, and managed SOC services. We pride ourselves on our technical depth, customer-centric approach, and delivering mission-critical security solutions.


Application Instructions:

Please submit your updated resume to [email protected] referencing the job title in the subject line.


Note: The role may require security clearance depending on the client's compliance requirements. Onsite travel might be expected based on project needs.


Keywords: QRadar, SIEM Consultant, IBM QRadar Deployment, Use Case Engineering, SOC Support, Security Information & Event Management, Threat Detection, AQL, Log Source Integration, MITRE ATT&CK, SOAR Integration

