Innova ESI
Website:
innovaesi.com
Job details:
Role: L3 SOC (QRADAR ADMIN)
Location: Mumbai
Experience: 8+ years
Roles & Responsibilities (L3 SOC, QRadar Admin):
1. SOC Platform Operations & Availability
- Configure, administer, and maintain the IBM QRadar SIEM platform for real‑time threat detection and incident response
- Perform regular QRadar system upgrades, patches, and DSM updates to ensure platform security, stability, and performance
- Plan, execute, and validate backup and disaster recovery activities, including replication of custom rules, log sources, custom properties, QID map entries, and configurations between DC and DR environments
- Manage daily BAU operations along with weekly, monthly, quarterly, half‑yearly, and yearly SOC maintenance activities
- Monitor system health, performance, capacity, and scalability across console, event processors, and data nodes
- Conduct basic troubleshooting on event processors and QRadar components when systems become unreachable or stop ingesting logs
- Maintain SIEM data retention in accordance with regulatory and customer requirements by monitoring online and offline storage
- Implement log retention, archiving, and storage optimization strategies to ensure compliance and platform stability
2. Detection Engineering & SOC Capability Enhancement
- Design, develop, and fine‑tune QRadar correlation rules, filters, and use cases to enhance threat detection and reduce false positives
- Create and manage custom rules, building blocks, and correlation logic to support customer‑specific detection requirements
- Develop and maintain DSMs, custom log source extensions, parsers, regex patterns, and normalization logic
- Support custom application integrations and develop security use cases for effective monitoring and threat detection
- Create custom reports, dashboards, and visualizations in QRadar to provide actionable security insights to SOC analysts and stakeholders
- Continuously optimize alert quality and incident workflows to improve SOC efficiency and analyst productivity
3. Incident Management, SLA Support & Escalation Handling
- Act as an L3 escalation point for complex, critical, and aged security incidents within the SOC
- Support L1 and L2 SOC teams with advanced analysis, deep technical investigations, and ticket resolution
- Investigate and respond to security incidents by correlating events, logs, and alerts across multiple data sources
- Participate in customer troubleshooting and incident engagement calls, providing technical expertise and root‑cause analysis
- Ensure adherence to SLAs through proactive monitoring, case reviews, and timely escalations
- Collaborate with cross‑functional teams to support coordinated incident response and remediation activities
4. Governance, Documentation & Knowledge Management
- Develop, maintain, and review SOPs, runbooks, and process documentation for QRadar administration and incident handling
- Prepare and maintain knowledge base (KB) articles to support SOC operations and reduce dependency risks
- Manage user access, roles, and permissions within the QRadar platform in line with governance standards
- Support internal and external audits by providing structured logs, configurations, reports, and evidence
- Conduct regular documentation updates to ensure accuracy, consistency, and audit readiness
- Provide training, mentoring, and technical guidance to junior SOC team members to strengthen overall team capability