Role Objective
The QRadar Platform Support – Junior Engineer plays a critical role in maintaining the stability, availability, and performance of the IBM QRadar SIEM infrastructure. This role focuses on day-to-day platform operations, log source integration, and first-level troubleshooting, ensuring that SOC operations receive clean, normalized, and continuous telemetry for monitoring and detection.
Roles and Responsibilities
Operational Support
- Monitor and maintain the health of QRadar components (Console, Event Processors, Event Collectors, Flow Processors).
- Perform daily checks of EPS (events per second) against the licensed rate, storage utilization, and system performance metrics.
- Execute routine administrative tasks: user account creation, RBAC management, and scheduled backup verification.
- Generate scheduled operational and health reports for internal SOC and platform performance reviews.
- Respond to platform-related alerts, performing initial triage and escalating as needed.
Technical Responsibilities
- Assist in log source onboarding, testing syslog/API connectivity, and validating DSM mapping.
- Support DSM customization and log parsing validation for new or non-standard sources.
- Review parsing errors and collaborate with senior engineers to correct event categorization issues.
- Help with QRadar patch management, upgrade testing, and version validation under supervision.
- Participate in correlation rule testing, dashboard tuning, and offense verification for rule effectiveness.
- Document configuration changes, SOP updates, and recurring issue resolutions.
Process and Collaboration
- Work closely with SOC analysts, platform teams, and incident responders to ensure event integrity.
- Follow change management and incident escalation protocols.
- Maintain compliance with security standards for log retention and access control.
- Participate in internal reviews, root cause analysis sessions, and continuous improvement initiatives.
Mandatory Skills Required
- Foundational understanding of QRadar SIEM architecture (Console, Event Collector, Event Processor, Flow Collector/Processor).
- Familiarity with Linux administration, networking fundamentals, and log collection protocols and agents (Syslog, SNMP, WinCollect, REST API).
- Awareness of SIEM correlation logic, event normalization, and DSM parsing basics.
- Hands-on experience in log analysis, data ingestion validation, and dashboard usage.
- Scripting knowledge (Bash, Python) for automation or health-check reporting.
- Exposure to incident response or SOC operations (preferred).
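The daily EPS, storage and component-status checks listed under Operational Support, and the Bash/Python health-check reporting named in the skills above, come together in the kind of script this role would typically own. The following is an added example, not code from the original posting or from IBM QRadar; the snapshot format, field names, host names, thresholds and the sample data are all assumptions made for illustration, and collecting the live numbers from a deployment (for example via the QRadar REST API with a SEC token, or a script run on the Console) is left outside the block.

```python
"""Daily QRadar platform health check (added example, not QRadar code).

Evaluates a per-host metrics snapshot against thresholds and renders the
report a junior platform engineer would hand to the morning SOC review.
The snapshot shape, field names and thresholds are assumptions made for
this example, not a QRadar schema; the live collection step is outside it.
"""
import json
import sys
from dataclasses import dataclass

# Assumed thresholds; tune to the licensed EPS and retention policy in use.
THRESHOLDS = {
    "eps_warn_pct": 80,   # % of licensed EPS that triggers a warning
    "eps_crit_pct": 95,
    "disk_warn_pct": 80,  # /store utilisation in %
    "disk_crit_pct": 90,
}
SEVERITY_RANK = {"OK": 0, "WARN": 1, "CRIT": 2}

# Constructed sample snapshot (not real telemetry).
SAMPLE_SNAPSHOT = {
    "taken_at": "2024-01-01T06:00:00Z",
    "hosts": [
        {"hostname": "qr-console", "role": "Console", "status": "Active",
         "eps": 1200, "licensed_eps": 5000, "disk_used_pct": 62},
        {"hostname": "qr-ep1", "role": "EP", "status": "Active",
         "eps": 4800, "licensed_eps": 5000, "disk_used_pct": 91},
        {"hostname": "qr-ec1", "role": "EC", "status": "Active",
         "eps": 0, "disk_used_pct": 40},
        {"hostname": "qr-ec2", "role": "EC", "status": "Unknown",
         "eps": 300, "disk_used_pct": 55},
    ],
}


@dataclass
class Finding:
    severity: str  # "WARN" or "CRIT"
    host: str
    message: str


def check_host(host, thresholds=THRESHOLDS):
    """Return the findings for one host entry of the snapshot."""
    findings = []
    name, role, status = host["hostname"], host.get("role", "?"), host.get("status")

    # A component that is not Active means events are being dropped or
    # queued somewhere; that is the first thing to escalate.
    if status != "Active":
        findings.append(Finding("CRIT", name, f"{role} status is {status}"))

    # EPS against the licensed ceiling (only where a ceiling is known).
    licensed = host.get("licensed_eps")
    if licensed:
        pct = 100.0 * host["eps"] / licensed
        if pct >= thresholds["eps_crit_pct"]:
            findings.append(Finding("CRIT", name, f"EPS {host['eps']} is {pct:.0f}% of licensed {licensed}"))
        elif pct >= thresholds["eps_warn_pct"]:
            findings.append(Finding("WARN", name, f"EPS {host['eps']} is {pct:.0f}% of licensed {licensed}"))

    # Zero EPS on an active collector/processor is usually a broken feed
    # (firewall change, expired certificate, dead syslog relay), not a quiet day.
    if host["eps"] == 0 and role in ("EC", "EP") and status == "Active":
        findings.append(Finding("WARN", name, "0 EPS on an active component; verify log sources and syslog/API path"))

    disk = host["disk_used_pct"]
    if disk >= thresholds["disk_crit_pct"]:
        findings.append(Finding("CRIT", name, f"storage at {disk}%; retention or offload needed before ingestion stalls"))
    elif disk >= thresholds["disk_warn_pct"]:
        findings.append(Finding("WARN", name, f"storage at {disk}%"))
    return findings


def evaluate(snapshot, thresholds=THRESHOLDS):
    """Run check_host over every host and return all findings."""
    findings = []
    for host in snapshot["hosts"]:
        findings.extend(check_host(host, thresholds))
    return findings


def worst_severity(findings):
    """Overall state of the platform: OK, WARN or CRIT."""
    return max((f.severity for f in findings), key=SEVERITY_RANK.get, default="OK")


def render_report(snapshot, findings):
    """Plain-text report suitable for a ticket or the daily SOC hand-over."""
    lines = [f"QRadar health check {snapshot['taken_at']}: {worst_severity(findings)}"]
    for f in sorted(findings, key=lambda f: -SEVERITY_RANK[f.severity]):
        lines.append(f"  [{f.severity}] {f.host}: {f.message}")
    if not findings:
        lines.append("  all components Active, EPS and storage within thresholds")
    return "\n".join(lines)


def main(argv):
    # Optional path to a snapshot JSON; otherwise the constructed sample is used.
    snapshot = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE_SNAPSHOT
    findings = evaluate(snapshot)
    print(render_report(snapshot, findings))
    # Exit code mirrors severity so cron or a monitoring job can alert on it.
    return SEVERITY_RANK[worst_severity(findings)]


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it without arguments to see the report for the constructed sample (one processor near its EPS licence and out of disk, one collector silent, one collector not Active); pass a path to a snapshot JSON in the same shape to evaluate a real deployment. The exit code (0/1/2) is what a scheduler should key on, and the API token used by whatever produces the snapshot belongs in an environment variable or secrets store, never in the script.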
Educational Requirements
- Bachelor’s degree in Computer Science, Information Technology, or Cybersecurity.
- Postgraduate diploma or coursework in Information Security / Network Security preferred.
Certifications (Mandatory / Preferred)
- IBM QRadar Foundation or Associate Certification (preferred).
- CompTIA Security+ / CEH or equivalent foundational cybersecurity certification.