Wazuh SIEM System Administrator

& Associate System Administrator / System Software Engineer

JOB SUMMARY

IDRBT is seeking dedicated Wazuh SIEM Administrators and System Software Engineers to own the complete Wazuh SIEM lifecycle, from planning and deployment through ongoing maintenance. The team will monitor platform performance, build tooling that gets the most out of the open-source SIEM/XDR platform, and own end-to-end Wazuh server cluster deployment, agent onboarding, and fine-grained Role-Based Access Control (RBAC) so that security teams and auditors operate under least privilege.

ROLE OVERVIEW
Experience: 1–7 years
Department: Cybersecurity / SOC
Location: On-Site
Employment Type: Full-Time
KEY RESPONSIBILITIES

Wazuh Infrastructure & Setup

    • Deploy and maintain high-availability Wazuh central components: Wazuh server, Wazuh indexer, and Wazuh dashboard.
    • Streamline deployment and remote management of Wazuh agents across Windows, Linux, and macOS endpoints using Ansible.
    • Monitor the on-premises Nutanix Acropolis (AHV) private cloud: infrastructure health, hypervisor performance, and storage metrics.
    • Core Metrics to Track:
      • Storage IOPS & Latency: maintain storage pool and container latencies below 10–15 ms.
      • CPU / Memory Overcommit: track cluster provisioning ratios to prevent host contention.
      • CVM Health: monitor Controller VM (CVM) memory, CPU usage, and cluster replication status.
      • Storage Capacity: predict storage runway to avoid metadata or disk exhaustion.
    • Configure agent groups and enrollment settings to ensure centralised management and log collection.

Role-Based Access Control (RBAC) & User Management

    • Architect and implement fine-grained RBAC in Wazuh to restrict dashboard access, API use, and incident management actions by role (e.g., Security Analyst vs. Security Engineer).
    • Configure internal users and define security policies, roles, and rulesets tailored to organisational hierarchy.
    • Integrate Wazuh dashboard with enterprise Identity Providers (IdPs) via SAML/OIDC (e.g., Microsoft Entra ID).
    • Configure Active Directory / LDAP for unified authentication and authorisation across the platform.

Monitoring & Security Operations

    • Configure custom decoders, rules, and active responses for proactive threat detection and automated remediation.
    • Enforce strict File Integrity Monitoring (FIM) across critical endpoints and servers.
    • Implement and maintain Vulnerability Detection pipelines to surface and track CVEs across the estate.
    • Conduct and schedule Security Configuration Assessments (SCA) to continuously validate hardening baselines.
    • Own the full Wazuh SIEM lifecycle (planning, execution, and maintenance) and produce regular performance and health reports.

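
As an added illustration of the decoder, rule, and active-response work listed above (written for this page; it is not IDRBT's or the Wazuh project's own configuration), the snippet below shows the three pieces that together turn a custom application log into an alert and an automated block. On a Wazuh 4.x server the decoders go in /var/ossec/etc/decoders/local_decoder.xml, the rules in /var/ossec/etc/rules/local_rules.xml, and the command/active-response stanzas in /var/ossec/etc/ossec.conf. The application name example-app, its log format (a constructed line such as "example-app: user=alice src=203.0.113.7 result=failure"), and the rule IDs 100100 and 100101 are assumptions for the example; custom rule IDs must be 100000 or higher.

```xml
<!-- local_decoder.xml: parse the constructed example-app log format -->
<decoder name="example-app">
  <!-- parent decoder matches the log prefix -->
  <prematch>^example-app: </prematch>
</decoder>

<decoder name="example-app-login">
  <parent>example-app</parent>
  <!-- extract user, source IP and result from "user=alice src=203.0.113.7 result=failure" -->
  <regex offset="after_parent">user=(\S+) src=(\S+) result=(\S+)</regex>
  <order>user, srcip, status</order>
</decoder>

<!-- local_rules.xml: alert on a single failure, escalate on repeated failures from one IP -->
<group name="example-app,authentication_failed,">
  <rule id="100100" level="5">
    <decoded_as>example-app</decoded_as>
    <field name="status">^failure$</field>
    <description>example-app: login failure for $(user) from $(srcip)</description>
  </rule>

  <!-- 5 or more failures from the same source IP within 120 seconds -->
  <rule id="100101" level="10" frequency="5" timeframe="120">
    <if_matched_sid>100100</if_matched_sid>
    <same_srcip />
    <description>example-app: multiple login failures from $(srcip)</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
</group>

<!-- ossec.conf: run the built-in firewall-drop script on the agent that raised rule 100101 -->
<command>
  <name>firewall-drop</name>
  <executable>firewall-drop</executable>
  <timeout_allowed>yes</timeout_allowed>
</command>

<active-response>
  <command>firewall-drop</command>
  <!-- "local" executes on the agent that generated the alert -->
  <location>local</location>
  <rules_id>100101</rules_id>
  <!-- block is lifted automatically after 600 seconds -->
  <timeout>600</timeout>
</active-response>
```

Before restarting wazuh-manager, feed the constructed log line to /var/ossec/bin/wazuh-logtest and confirm that the example-app-login decoder populates user, srcip, and status and that rule 100100 fires; the frequency rule only triggers when the same srcip repeats, so a single test line will not reach 100101. Keep the timeout on the active response: an unbounded block is an easy way for an attacker who can spoof source addresses to lock out legitimate clients.
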
CORE TECHNOLOGIES & INTEGRATIONS
  • SIEM / XDR: Wazuh Server  |  Wazuh Indexer (OpenSearch)  |  Wazuh Dashboard
  • Agents: Windows  |  Linux  |  macOS
  • Identity / Auth: Microsoft Entra ID  |  Active Directory  |  LDAP  |  SAML / OIDC
  • Infrastructure: Nutanix AHV (Acropolis)  |  Prism Central  |  CVM monitoring
  • Security Controls:  FIM  |  SCA  |  Vulnerability Detection  |  Active Response  |  Custom Rules & Decoders
QUALIFICATIONS & REQUIREMENTS
Experience: 1–7 years managing OEM/open-source SIEM solutions; hands-on Wazuh architecture experience preferred
Access Management: Strong understanding of RBAC, centralised authentication, LDAP/AD integration, and SSO providers
OS & Scripting: Proficiency in Linux system administration, Bash/Python scripting, and Ansible automation
Networking: Understanding of TCP/UDP ports, TLS/SSL certificates, and firewall configuration for agent-to-manager communication
SIEM/XDR: Experience configuring decoders, rules, active responses, FIM, vulnerability detection, and SCA
Cloud/Virtualisation: Familiarity with on-premises private cloud platforms (e.g., Nutanix AHV) is an advantage
Identity: Experience integrating SAML/OIDC with enterprise IdPs (e.g., Microsoft Entra ID / Azure AD)
WHAT WE OFFER
  • Competitive compensation and benefits package
  • Opportunity to work on cutting-edge open-source SIEM/XDR and private-cloud security infrastructure
  • Collaborative SOC and infrastructure team environment at IDRBT
  • Support for professional development, cybersecurity certifications, and conference participation
  • Exposure to enterprise identity, cloud, and automation technologies