-Client is seeking a Network Management Operations Technician (Tier 3) - III
-ArcSight Security Engineer - Tier 3
Looking for someone who can do ArcSight implementation, operation, and development, specifically someone who can build flex connectors, bring in new device feeds, etc. This is a deployment at a large financial institution. Examples of your capabilities with respect to ArcSight system integration and evolution are important.
-The ArcSight Engineer is responsible for the delivery of high visibility security projects and consultative services to our Managed Security Services customer.
-The engineer will be responsible for all aspects of the system including use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists.
-Provides optimization of data flow using aggregation, filters, etc.
-Participates in the operation of ArcSight Security Information and Event Management systems to include ArcSight ESM, Connector appliances/SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups.
-Supports life-cycle management of the ArcSight platforms, including coordination and planning of upgrades, new deployments, and maintaining current operational data flows.
-Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise.
-Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system with specific experience in the ArcSight ESM environment
-Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors
-Must have experience maintaining an event schema with customized security severity criteria
-Must have experience creating scheduled and ad-hoc reporting with SIEM tools.
-Must possess a thorough and in-depth understanding of SIEM technologies and event collector deployments in the Windows and Linux operating environments
-2 to 5 years experience in a dedicated security position
-Bachelor's Degree or higher is preferred
-Experience identifying, documenting, mitigating, and consulting on enterprise security threats
-Experience in Linux, ArcSight, QRadar, or a proprietary SIEM
-Strong communication skills and ability to engage with customers to understand their requirements
-Clear and concise written and oral English
-Proactive in following up on customer issues
-Ability to excel in high pressure environments
Preferred Skills and Experience:
-ITIL Foundations training / certification
-Security Certifications CEH, GCIA