Hi, hope you are doing well. Please go through the requirement below; if it is relevant for you, then send me your updated resume at *ash...@xchangesoft.net* <p...@kpgtech.com> or you can give me a call at *732-444-6424*.
*Position: Cyber Security Analyst*
*Location: Eagan, MN*
*Duration: 6 months*
*Phone/Skype*

*Job Description:*

• Knowledge of IBM SIEM product QRadar
• Knowledge of Cisco IPS product Sourcefire
• Security Monitoring - QRadar:
  - Navigate and analyze QRadar and Sourcefire events for security analysis of security events; drill down to packet header and packet levels
  - Interface with the third-party Forsythe vendor that manages the QRadar and Sourcefire installations
  - Establish and document processes and procedures with the vendor to achieve a seamless working relationship and workflows
  - Monitor health and status of the QRadar and Sourcefire appliances and work with the Forsythe vendor to coordinate and plan maintenance activities
  - Coordinate maintenance events that impact user access and security monitoring
  - Prep ServiceNow tickets
  - Prep Forsythe ServiceNow tickets
  - Track these tickets to maintain synchronization among them
  - Tune false positives and less important events in the environment
  - Refine monitoring coverage to focus on important events and areas
  - Track QRadar and Sourcefire resource and license utilization for approaching limitations
  - Provide excerpted documentation from IBM QRadar Device Support Module (DSM) documentation to user groups for specific products and platforms. Excerpted DSMs include mainframe audit logs, Guardium, FireEye, Amazon AWS CloudTrail, Linux, Proofpoint, Cisco IDE, Oracle, IMS, DB2, ...
  - Event definition in QRadar and mapping as identifiable events
  - Designing QRadar alerts from these incoming events
• SOC2:
  - Coordinate between Forsythe and various database support groups in bringing database logging of different formats into QRadar for log retention, event mapping and monitoring, and alerting on critical events
  - Provide excerpted documentation from IBM QRadar Device Support Module (DSM) documentation for specific database products and platforms (MS SQL, Oracle, IBM DB2, IBM IMS, ...)
  - Submit tickets and requests in coordination between Forsythe and different database platforms
  - QRadar report design and creation from the QRadar events database for periodic reportage
  - Knowledge of IBM Ariel Query Language (AQL) to design searches for specific events in the QRadar events database
  - Provide formatting, scheduling and distribution of reportage
  - Document these reports and promulgate know-how to use AQL searches for security event tracking and analysis

*Thanks & Regards*
*Ashish Khatri | Technical Recruiter*
*XChange Software* || 10 Austin Avenue, Iselin, NJ – 08830
*Phone: 732-444-6424 | Fax: 732-601-4641*
Email: ash...@xchangesoft.net <p...@kpgtech.com>
Hangout: ashish.khatri....@gmail.com