Innova ESI (posted 2h ago on LinkedIn)

SOC Analyst

Mumbai, Maharashtra, India
Senior Level


Full Job Description

IBM QRadar SIEM SOC Analyst L3 - Mumbai

Innova ESI is seeking an experienced SOC Analyst L3 with specific expertise in IBM QRadar administration for a critical role in Mumbai. This position requires an immediate joiner and focuses on maintaining and enhancing our Security Operations Center (SOC) capabilities through advanced QRadar platform management.

Key Responsibilities:

1. SOC Platform Operations & Availability:

  • Configure, administer, and maintain the IBM QRadar SIEM platform for real-time threat detection and incident response.
  • Perform regular QRadar system upgrades, patches, and DSM updates to ensure platform security, stability, and performance.
  • Plan, execute, and validate backup and disaster recovery activities, including replication of custom rules, log sources, custom properties, QID map entries, and configurations between Data Center (DC) and Disaster Recovery (DR) environments.
  • Manage daily Business As Usual (BAU) operations along with weekly, monthly, quarterly, half-yearly, and yearly SOC maintenance activities.
  • Monitor system health, performance, capacity, and scalability across console, event processors, and data nodes.
  • Conduct basic troubleshooting on event processors and QRadar components when systems become unreachable or stop ingesting logs.
  • Maintain SIEM data retention in accordance with regulatory and customer requirements by monitoring online and offline storage.
  • Implement log retention, archiving, and storage optimization strategies to ensure compliance and platform stability.

2. Detection Engineering & SOC Capability Enhancement:

  • Design, develop, and fine-tune QRadar correlation rules, filters, and use cases to enhance threat detection and reduce false positives.
  • Create and manage custom rules, building blocks, and correlation logic to support customer-specific detection requirements.
  • Develop and maintain DSMs, custom log source extensions, parsers, regex patterns, and normalization logic.
  • Support custom application integrations and develop security use cases for effective monitoring and threat detection.
  • Create custom reports, dashboards, and visualizations in QRadar to provide actionable security insights to SOC analysts and stakeholders.
  • Continuously optimize alert quality and incident workflows to improve SOC efficiency and analyst productivity.

3. Incident Management, SLA Support & Escalation Handling:

  • Act as an L3 escalation point for complex, critical, and aged security incidents within the SOC.
  • Support L1 and L2 SOC teams with advanced analysis, deep technical investigations, and ticket resolution.
  • Investigate and respond to security incidents by correlating events, logs, and alerts across multiple data sources.
  • Participate in customer troubleshooting and incident engagement calls, providing technical expertise and root-cause analysis.
  • Ensure adherence to Service Level Agreements (SLAs) through proactive monitoring, case reviews, and timely escalations.
  • Collaborate with cross-functional teams to support coordinated incident response and remediation activities.

4. Governance, Documentation & Knowledge Management:

  • Develop, maintain, and review Standard Operating Procedures (SOPs), runbooks, and process documentation for QRadar administration and incident handling.
  • Prepare and maintain Knowledge Base (KB) articles to support SOC operations and reduce dependency risks.
  • Manage user access, roles, and permissions within the QRadar platform in line with governance standards.
  • Support internal and external audits by providing structured logs, configurations, reports, and evidence.
  • Conduct regular documentation updates to ensure accuracy, consistency, and audit readiness.
  • Provide training, mentoring, and technical guidance to junior SOC team members to strengthen overall team capability.

Location: Mumbai, Maharashtra, India

Experience: 8+ years

Note: Only immediate joiners will be considered.
