hirist

QRadar Administrator - CISM/SIEM

Enlighten HR Consulting
Bangalore
8 - 15 Years

Posted on: 09/12/2025

Job Description

Role Objective

The QRadar Administrator - Senior Engineer is a design and architecture-focused role, responsible for building, scaling, and integrating QRadar SIEM into the broader enterprise or MSSP environment.

This role defines how the platform evolves - from onboarding new data sources to developing correlation rules and integrating with SOAR and threat intelligence systems.

Roles and Responsibilities

Architecture & Deployment

- Design, implement, and optimize QRadar architecture across on-prem, cloud, and hybrid environments.

- Plan and execute new deployments, expansions, and clustering based on business growth and data volume.

- Lead log source onboarding strategy - including DSM mapping, parsing customization, and new integrations.

- Develop custom DSMs, property extractions, and event categories for unsupported sources.

- Implement and manage data retention, storage scaling, and license optimization strategies.

Engineering & Integration

- Build and fine-tune correlation rules, building blocks, and reference sets to enhance detection accuracy.

- Develop custom dashboards, reports, and analytics for SOC and compliance requirements.

- Integrate QRadar with SOAR platforms (IBM Resilient, ServiceNow, Splunk Phantom) to automate alert triage and response.

- Leverage APIs, scripts, and integrations to connect QRadar with other tools - EDRs, vulnerability scanners, CMDBs.

- Collaborate with detection engineering teams to align use cases with MITRE ATT&CK mapping.

Optimization & Leadership

- Conduct performance tuning and EPS optimization for large or multi-tenant environments.

- Lead architecture review sessions and advise on best practices for scaling and hardening.

- Prepare high-level and low-level design documents, data flow diagrams, and deployment guides.

- Mentor platform and support engineers on architecture, onboarding workflows, and parser design.

- Participate in proof-of-concept (PoC) initiatives for new integrations and technologies.

Mandatory Skills Required

- Proven experience in end-to-end QRadar architecture design, deployment, and configuration.

- Expertise in DSM customization, parser development, and event normalization.

- Deep understanding of QRadar correlation rules, building blocks, and reference sets.

- Proficiency in Linux administration, networking protocols, and security event analysis.

- Hands-on experience with SOAR integration and automation scripting (Python/Bash/REST API).

- Knowledge of compliance frameworks (ISO 27001, PCI DSS, NIST) and reporting automation.

Educational Requirements

- Bachelor's or Master's degree in Information Security, Computer Science, or related field.

- MBA or specialization in Security Architecture or IT Infrastructure (preferred).

Certifications (Mandatory / Preferred)

- IBM Certified Administrator - QRadar SIEM (mandatory).

- IBM SOAR (Resilient) Certified Engineer (preferred).

- CISSP / CISM / CEH / CySA+ or equivalent cybersecurity certification (preferred).

- Cloud platform certifications (AWS/Azure/GCP) (advantage).
