Remote work opportunity with IMRI
IMRI is looking for a Cybersecurity Project Manager with 5-7 years of experience working with SIEM, particularly QRadar, to lead the integration and upgrade project. Here's a breakdown of the scope of work:
- Integration of Log Sources: Configure the SIEM system (QRadar) to ingest logs from various security tools including Microsoft Defender Suite (Identity, Cloud Apps, Office, and Endpoint), Tanium Threat Response, CrowdStrike, and Microsoft IoT Defender.
- Alert Generation: Ensure that the SIEM system is configured to generate actionable alerts for the Security Operations Center (SOC) analysts based on detections from the integrated security tools. Collaboration with the Cybersecurity Operations Center Team Manager is essential to develop SIEM use cases and runbooks.
- Threat Response Management: Oversee the configuration and management of threat response mechanisms within the SIEM environment to effectively respond to security incidents.
- SOAR Integration: Manage the integration of Security Orchestration, Automation, and Response (SOAR) capabilities into the SIEM system to automate and orchestrate response actions.
- UEBA Implementation: Implement User and Entity Behavior Analytics (UEBA) capabilities to enhance anomaly detection and insider threat analysis within the SIEM environment.
- Scalability and Performance Analysis: Conduct a thorough analysis of current and future Events Per Second (EPS) needs to ensure scalability and performance of the SIEM system.
- Project Management: Manage the project under Information Technology Project Management Office (PMO) guidelines to ensure successful delivery within scope, budget, and timeline.
Deliverables:
- Configured and fully operational upgraded SIEM system (QRadar).
- Integration of specified log sources.
- Functional alerting mechanisms for SOC analysts.
- Integrated SOAR and UEBA capabilities.
- Report on EPS analysis to ensure scalability and performance of the SIEM system.
This project requires project management skills, technical expertise in SIEM (QRadar), and experience with cybersecurity operations and tools integration. Additionally, effective collaboration with SOC teams and adherence to IT PMO guidelines are crucial for project success.