Role Objective
The QRadar Administrator Senior Engineer is a design and architecture-focused role, responsible for building, scaling, and integrating QRadar SIEM into the broader enterprise or MSSP environment.
This role defines how the platform evolves from onboarding new data sources to developing correlation rules and integrating with SOAR and threat intelligence systems.
Roles And Responsibilities
Architecture & Deployment
- Design, implement, and optimize QRadar architecture across on-prem, cloud, and hybrid environments.
- Plan and execute new deployments, expansions, and clustering based on business growth and data volume.
- Lead log source onboarding strategy including DSM mapping, parsing customization, and new integrations.
- Develop custom DSMs, property extractions, and event categories for unsupported sources.
- Implement and manage data retention, storage scaling, and license optimization strategies.
Engineering & Integration
- Build and fine-tune correlation rules, building blocks, and reference sets to enhance detection accuracy.
- Develop custom dashboards, reports, and analytics for SOC and compliance requirements.
- Integrate QRadar with SOAR platforms (IBM Resilient, ServiceNow, Splunk Phantom) to automate alert triage and response.
- Leverage APIs, scripts, and integrations to connect QRadar with other tools (EDRs, vulnerability scanners, CMDBs).
- Collaborate with detection engineering teams to align use cases with MITRE ATT&CK mapping.
Optimization & Leadership
- Conduct performance tuning and EPS optimization for large or multi-tenant environments.
- Lead architecture review sessions and advise on best practices for scaling and hardening.
- Prepare high-level and low-level design documents, data flow diagrams, and deployment guides.
- Mentor platform and support engineers on architecture, onboarding workflows, and parser design.
- Participate in proof-of-concept (PoC) initiatives for new integrations and technologies.
Mandatory Skills Required
- Proven experience in end-to-end QRadar architecture design, deployment, and configuration.
- Expertise in DSM customization, parser development, and event normalization.
- Deep understanding of QRadar correlation rules, building blocks, and reference sets.
- Proficiency in Linux administration, networking protocols, and security event analysis.
- Hands-on experience with SOAR integration and automation scripting (Python/Bash/REST API).
- Knowledge of compliance frameworks (ISO 27001, PCI DSS, NIST) and reporting automation.
Educational Requirements
- Bachelor's or Master's degree in Information Security, Computer Science, or related field.
- MBA or specialization in Security Architecture or IT Infrastructure (preferred).
Certifications (Mandatory / Preferred)
- IBM Certified Administrator QRadar SIEM (mandatory).
- IBM SOAR (Resilient) Certified Engineer (preferred).
- CISSP / CISM / CEH / CySA+ or equivalent cybersecurity certification (preferred).
- Cloud platform certifications (AWS/Azure/GCP) (advantage).