- Chennai office
Introduction
A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.
Your role and responsibilities
As a Security Consultant specializing in Intelligence & Operations, you play a crucial role in helping Client IT understand and address key security issues, exposures, and vulnerabilities. Your expertise in security intelligence and operations enables you to articulate effective security strategies and mitigation measures. Your primary responsibilities will include:
• Develop Security Strategies: Apply security principles, counter-threat intelligence, and knowledge of security intelligence and operations to develop and recommend effective security strategies, programs, plans, and mitigation measures.
• Enhance Security Posture: Utilize proactive threat hunting and intelligence-driven defense strategies to enhance Client IT's security posture.
• Articulate IBM's SIOC and SIEM: Clearly communicate IBM's Security Intelligence and Operations Center (SIOC) and Security Information and Event Management (SIEM) points of view, including financial implications.
• Leverage Threat Intelligence: Apply hands-on experience with tools like QRadar to analyze and mitigate various cyber threats.
• Collaborate with Clients: Work closely with Client IT to understand their security needs and deliver tailored security solutions.
Required technical and professional expertise
• Security Intelligence Knowledge: Exposure to security intelligence and operations, including security principles and counter-threat intelligence, to develop effective security strategies and mitigation measures.
• Threat Analysis Experience: Hands-on experience with tools like QRadar to analyze and mitigate various cyber threats.
• Security Strategy Development: Experience working with security strategies, programs, plans, and mitigation measures to address key security issues and vulnerabilities.
• Security Posture Enhancement: Exposure to proactive threat hunting and intelligence-driven defense strategies to enhance security posture.
• Security Solution Delivery: Experience working with clients to understand their security needs and deliver tailored security solutions.
Managing the XSIAM platform lifecycle
Ensuring data ingestion, normalization, and availability
Supporting SOC teams with a stable, optimized, and scalable environment
Maintaining integrations, automation, and system health
Configure and maintain:
XSIAM tenant settings
User roles & RBAC (Role-Based Access Control)
Data retention policies
Manage:
Multi-tenant setups (if applicable)
Data privacy and access controls
Onboard and integrate log sources:
Firewalls (Palo Alto NGFW)
Endpoints (Cortex XDR Agents)
Cloud platforms (AWS, Azure, GCP)
Identity providers (Azure AD)
Ensure:
Proper log parsing & normalization
Schema mapping (XSIAM data models)
Troubleshoot:
Missing logs
Parsing errors
Data delays or ingestion failures
Monitor and optimize:
Data ingestion pipelines
Storage utilization
Query performance
Tune data to:
Reduce noise
Improve signal-to-noise ratio
Manage:
Hot/cold storage tiers (if applicable)
Deploy and maintain:
Detection rules
Correlation policies
Assist SOC / Detection Engineers in:
Testing detection logic
Troubleshooting rule performance
Reduce:
False positives / false negatives
Configure and maintain:
Cortex XSIAM playbooks (SOAR capabilities)
Integrate:
APIs with third-party tools (ticketing, EDR, IAM)
Ensure:
Playbooks execute reliably
Automation reduces manual effort
Create and manage:
User accounts
Roles and permissions
Enforce:
Least privilege access
Secure authentication (SSO, MFA)
Continuously monitor:
Platform performance
Integration status
Agent health (XDR agents)
Identify and resolve:
Connectivity issues
System errors
Perform:
Routine health checks and audits
Preferred technical and professional experience
• Hands-on QRadar Experience: Exposure to utilizing QRadar for analyzing and mitigating various cyber threats, enhancing security posture through proactive threat hunting and intelligence-driven defense strategies.
• Cyber Threat Knowledge: Familiarity with various cyber threats, including understanding of security intelligence and operations to develop effective security strategies and mitigation measures.
• Financial Implication Understanding: Exposure to articulating financial implications of security strategies, programs, plans, and mitigation measures, including IBM's SIOC and SIEM points of view.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.