QRadar Adminstrator

SIEM / QRadar Administrator

Location:

Onsite/Hybrid in Central Houston

Rate: $105,000-$125,000 salary annually over a contract DOE; no-sponsorship available

Benefits:
This position is eligible for Health, Dental, Vision, and 401k

The SIEM Administrator will support Cybersecurity Operations by overseeing daily operational management of the QRadar SIEM platform and serving as the primary liaison between the client and the Managed Security Service Provider (MSSP). Responsibilities include developing, tuning, and maintaining SIEM detection rules; onboarding and maintaining log sources; coordinating data ingestion, parsing, and log‑source lifecycle activities; and managing QRadar upgrades, patches, and overall platform health.

This role is critical for ensuring effective collaboration with the MSSP, sustaining operational continuity, and enhancing the client's threat‑detection and response capabilities.

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

• 5–7 years of experience in cybersecurity operations, with a minimum of 3+ years specifically administering a SIEM platform (preferably QRadar).

• QRadar administration: rule tuning, log source onboarding, DSM matching, parsing, and platform health monitoring
• Working directly with an MSSP or SOC provider in a collaborative operational model
• Log ingestion architecture and lifecycle management
• Managing upgrades, patches, and maintenance for SIEM infrastructure
• Troubleshooting data ingestion failures, EPS issues, routing, and correlation logic
• Experience with data source onboarding (firewalls, EDR, cloud, identity platforms, etc.)
• Strong understanding of detection engineering and incident response workflows
• Familiarity with Linux systems

• QRadar‑specific
  • IBM Certified Associate Administrator – QRadar SIEM
  • IBM Security QRadar SIEM V7.x Implementer
• General cybersecurity certifications
  • CompTIA Security+
  • CompTIA CySA+
  • GIAC GCIA
  • GIAC GMON
  • ISC2 CC or CISSP
• Cloud & identity
  • Microsoft SC‑200 (Security Operations Analyst)
  • Azure AZ‑500 (Security Engineer)

• Strong understanding of logging formats: syslog, JSON, CEF, LEEF
• Knowledge of network and security devices (firewalls, proxies, EDR, IDS/IPS)
• Experience with MITRE ATT&CK–aligned detections
• Knowledge of SIEM capacity planning (EPS, FPM, storage retention)
• Understanding of scripting languages (Python, Bash) is a plus but not mandatory

• Strong communication and leadership skills
• Ability to translate SOC/MSSP output into actionable internal improvements
• Vendor management experience
• Ability to prioritize and manage operational workload in a high‑volume environment
• Documentation and process‑development skills