Remote work opportunity with IMRI
IMRI is looking for a Cybersecurity Project Manager with 5-7 years of experience working with SIEM, particularly QRadar, to lead the integration and upgrade project. Here's a breakdown of the scope of work:
Integration of Log Sources: Configure the SIEM system (QRadar) to ingest logs from various security tools including Microsoft Defender Suite (Identity, Cloud Apps, Office, and Endpoint), Tanium Threat Response, CrowdStrike, and Microsoft IoT Defender.
Alert Generation: Ensure that the SIEM system is configured to generate actionable alerts for the Security Operations Center (SOC) analysts based on detections from the integrated security tools. Collaboration with the Cybersecurity Operations Center Team Manager is essential to develop SIEM use cases and run books.
Threat Response Management: Oversee the configuration and management of threat response mechanisms within the SIEM environment to effectively respond to security incidents.
SOAR Integration: Manage the integration of Security Orchestration, Automation, and Response (SOAR) capabilities into the SIEM system to automate and orchestrate response actions.
UEBA Implementation: Implement User and Entity Behavior Analytics (UEBA) capabilities to enhance anomaly detection and insider threat analysis within the SIEM environment.
Scalability and Performance Analysis: Conduct a thorough analysis of current and future Events Per Second (EPS) needs to ensure scalability and performance of the SIEM system.
Project Management: Manage the project under Information Technology Project Management Office (PMO) guidelines to ensure successful delivery within scope, budget, and timeline.
Deliverables:
- Configured and fully operational upgraded SIEM system (QRadar).
- Integration of specified log sources.
- Functional alerting mechanisms for SOC analysts.
- Integrated SOAR and UEBA capabilities.
- Report on EPS analysis to ensure scalability and performance of the SIEM system.
This project requires project management skills, technical expertise in SIEM (QRadar), and experience with cybersecurity operations and tools integration. Additionally, effective collaboration with SOC teams and adherence to IT PMO guidelines are crucial for project success.
EQUAL EMPLOYMENT OPPORTUNITY
EEO/Affirmative Action Statement and Non-Discrimination Policy
IMRI is an Equal Employment Opportunity employer committed to maintaining a non-discriminatory, diverse work environment. In accordance with Title VII of the Civil Rights Act of 1964, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans' Readjustment Assistance Act of 1974 (VEVRAA), the Americans with Disabilities Act (ADA), and other federal, state, and local anti-discrimination laws, IMRI does not unlawfully discriminate against any person on the basis of race, color, religion, sex, national origin, ancestry, genetic information, age, marital status, sexual orientation, physical or mental disability, or status as a special disabled veteran or other veteran. IMRI will take affirmative action to assure equal opportunity for employment is provided with regard to all personnel actions. This includes, but is not limited to: recruitment, selection, compensation, benefits, training, promotion, demotion, layoff, termination and all other terms and conditions of employment.