Description
Summary
ArcSight Administration
- Responsible for the large scale ArcSight deployment including capacity planning, maintenance, and operations.
- Detail oriented
- Excellent communication skills, both written and oral
- Ability to work independently
- Processes and procedure documentation
- Scripting
- Strong knowledge of Information Security products and techniques (SIEM, firewall, intrusion detection/prevention (IDS/IPS))
- Strong working knowledge of operating systems (i.e. Windows, UNIX, Red Hat Linux) and RDBMS systems such as Oracle, MySQL and MS SQL
- Strong Network experience and fluency in Enterprise architectures
- Linux experience
- 5 plus years' experience with ArcSight
Responsibilities
- Administration of ArcSight SIEM environment
- Capacity planning
- ArcSight Architecture
- Perform day-to-day analysis on ArcSight Servers and associated components to verify stability and optimize performance
- Deploy ArcSight devices (connectors, Loggers, ESM)
- Testing, implementation and configuration of patches and upgrades
- Research, analyze and understand log sources from various devices in the network for acquisition and integration in ArcSight
- Smart connector management and Flex connector development
- RMA of failed hardware
- Troubleshooting and break fix
- Write scripts and automation to optimize various processes involved
- Author Standard Operating Procedures (SOPs) and training documentation when needed
- Provide support in researching, designing, testing, and implementing new technologies that will enhance the organization's capabilities.
- Knowledge of the following technologies a plus:
- Intrusion Detection/Prevention Systems for networks and hosts
- Security Event Management Systems
- Vulnerability Assessment Systems
- Secure transfer protocols such as SSH, SCP and Connect Direct Secure Plus
- Diagnostic tools such as packet capture/decode and WAN probes
- IP Networking
- Windows Systems administration and security tools
- Experience with remote access, Terminal Servers, etc. a plus
- Experience in the administration of UNIX (Solaris, HP/UX, or Linux) and Windows operating systems a plus
- Experience in developing and administering an information security program desirable
- Working knowledge of and experience in the policy and regulatory environment of information security, especially in higher education, is desirable