IBM QRadar Subject Matter Expert

SHI Solutions India Pvt. Ltd.

2 - 5 years

Mumbai

Posted: 17/12/2025

Job Description

We are looking for an experienced IBM QRadar SME with a strong background in SIEM operations, threat detection, and incident response within highly regulated environments. The candidate will be responsible for monitoring critical financial-market systems, leading advanced threat detection, and supporting both UAT and Production SIEM/DAM environments across DC & DR setups.

Key Responsibilities

1. Security Monitoring & Threat Detection

  • Monitor trading and clearing platforms, APIs, and connectivity gateways for anomalies, misconfigurations, and security vulnerabilities.
  • Support and maintain UAT and Production SIEM/DAM environments across DC & DR.
  • Continuously monitor for threats using SIEM, network telemetry, behavioral analytics, and log intelligence.
  • Integrate and manage SIEM, SOAR, XDR, IDS/IPS, UEBA, and threat intelligence feeds for end-to-end visibility.

2. Threat Intelligence & Incident Response

  • Track zero-day vulnerabilities, emerging cyber threats, and APT campaigns targeting financial markets.
  • Lead incident triage, in-depth investigation, containment, eradication, and recovery.
  • Perform root cause analysis and conduct post-incident reviews to prevent recurrence.
  • Coordinate critical incidents with regulatory authorities such as SEBI, CERT-In, and RBI, and liaise with law enforcement when required.
  • Conduct red/blue team exercises, tabletop simulations, and cyber drills to assess cyber-resilience.

3. SOC Operations & Platform Optimization

  • Manage and optimize SOC tools, analytics engines, dashboards, correlation rules, and alerting logic.
  • Drive automation using SOAR playbooks, ML-based anomaly detection, and custom scripts to reduce MTTR.
  • Collaborate with NOC, fraud monitoring, IT operations, and BCP/DR teams for holistic enterprise-wide resilience.
  • Ensure forensic readiness, proper log management, and retention as per regulatory standards.

4. Compliance, Governance & Regulatory Reporting

  • Support regulatory reporting and ensure adherence to guidelines mandated by SEBI, CERT-In, and RBI.
  • Implement and run proactive threat-hunting programs to identify threats before exploitation.
  • Work with architecture and engineering teams to continuously enhance detection and prevention controls.
  • Develop and maintain SOC policies, SOPs, runbooks, and incident response playbooks following industry best practices.
  • Implement and maintain a SOC Maturity Roadmap to strengthen detection, response, and recovery capabilities.

Required Skills & Experience

  • Minimum 6 years of hands-on experience with IBM QRadar (administration, rule tuning, log onboarding, dashboards, AQL, DSM, correlation logic, performance optimization).
  • Strong experience in SIEM/SOC operations, incident response, and threat detection.
  • Understanding of financial-services threat landscape, especially around trading/clearing systems.
  • Experience with SOAR, XDR, IDS/IPS, UEBA, threat intelligence, and other SOC ecosystem tools.
  • Ability to engage with regulators and manage major incidents in compliance-heavy environments.
  • Strong analytical thinking, problem-solving skills, and communication abilities.
