SOC Consulting and SIEM Manager

IBM Middle East

Riyadh, Saudi Arabia

Ref: RP805-1949

Job description / Role

Employment: Full Time

Over the past 100 years, IBMers all over the globe have helped make the world work better and smarter. In this new era of Cognitive Business, IBM is helping to reshape industries by bringing together our expertise in Cloud, Analytics, Security, Mobile, and the Internet of Things: Changing how we create, collaborate, analyze and engage. From transforming healthcare to improving the retail shopping experience - it's what IBMers do. As we tackle the world's biggest challenges, our company continues to grow, we're looking for talented professionals to join us in this new era.

Join us and be part of a diverse and global team of thinkers and doers - people who want to make an impact, cultivate their expertise and collaborate with some of the world's top business and technology professionals.

Your Role and Responsibilities
The Security Analyst serves as a Security Incident and Event Management (SIEM) specialist with hands-on experience across IT security, OT security, cloud security and other emerging security technologies. This engineer acts in many ways as a consultant who can speak credibly to the security landscape, threat scenarios, attack patterns and effective incident response methods, and who can discuss and present technical security solutions to senior members of a client team.

Core consulting skills
- Strong communication and presentation skills
- The ability to lead large groups and act as primary facilitator and lead
- Strong written skills
- Comfortable working in a project based / client serving model
- Ability to lead and shape client expectations
- Help drive pursuits and engage in complex deals, matching outcomes to expectations
- Ability to work easily with diverse and dynamic teams
- Ability to work in a matrix management model

Required Technical and Professional Expertise
- College degree in Computer Science or equivalent; 5+ years' prior experience in a similar position
- Installation, Configuration and management of Sentinel SIEM solution
- Experience in setting up HA for the Console, Event and Flow components of Sentinel
- Integration of supported log sources (Event and Flow) and unsupported log sources
- Custom parsers development
- Use case and rule implementation and tuning
- Alerts and reports development and implementation
- Creating the network hierarchy and building blocks, and classifying log sources within the Sentinel SIEM
- Experience in Use Case Library
- Break-fix triage, resolution and restoration of service for the Sentinel application and event collector images
- Administering tools such as Vectra NDR, IBM Resilient SOAR, Azure EDR and a threat intel platform such as Anomali

- At least 3 years' proficiency with Sentinel SIEM in a role with key responsibilities similar to those above
- At least 2 implementations of a Sentinel setup
- At least 3 years' experience in Linux Operating System (OS) administration
- Networking fundamentals, such as the Open Systems Interconnection (OSI) layers
- Strong understanding of routing protocols and technologies
- Strong understanding of Security technologies and best practices
- Hands-on experience in Windows/Unix-specific networking
- Hands-on experience with Windows Event IDs and NetFlow v8 and v9; scripting and automation skills (Bash, Perl, etc.)
- Experience with network security zones, firewall configurations and IDS policies
- In-depth knowledge of TCP/IP
- Knowledge of systems communications from OSI Layer 1 to 7
- Knowledge of security frameworks such as MITRE
- Experience with systems administration, middleware, Active Directory administration and application administration
- Experience with Network and Network Security tools administration
- Knowledge of log formats and the ability to aggregate and parse syslog, HTTP and database logs for investigation purposes
- Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)
- Good knowledge of threat areas and common attack vectors (malware, phishing, APT, technology attacks, etc.)
- Experience with log search tools, usage of regular expressions, and natural language queries

Preferred Technical and Professional Expertise
- At least 5 years' experience in IT and Information Security
- At least 3 years' experience in ICS Security, Cloud Security
- At least 3 years' experience in a professional services firm focused on systems integration projects
- Certification in Sentinel and other relevant tools
- Basic experience working across diverse teams to facilitate solutions
- Bachelor's or master's degree in technology or cybersecurity
- Experience working with offshore teams
- Certified in CISSP, SSCP, CISA or CISM

About the Company

For more than six decades, IBM Middle East & Pakistan has played a vital role in shaping the information technology landscape of the region. Today, IBM is part of the region's technological fabric, solving real-world business and societal challenges, through its offices in UAE, Saudi Arabia, Qatar, Kuwait and Pakistan, and also a diversity of centers across the region.

Within the region, IBM currently has groundbreaking initiatives in cloud computing, analytics, mobile, security, as well as nanotechnology, eGovernment, healthcare and many more, collaborating with leading educational institutes and governments. IBM supports hundreds of clients to drive transformation through technology, contributes to regional research & development programs and has an active Corporate Service Corps (CSC) program.

Reinvention is a keyword in the company's history and, today, IBM is much more than a "hardware, software, services" company. IBM is now emerging as a cognitive solutions and cloud platform company.
