Description
JOB TITLE: ArcSight Security Engineer - Tier 3
Position Summary:
The ArcSight Engineer is responsible for the delivery of high visibility security projects and consultative services to our Managed Security Services customer.
The engineer will be responsible for all aspects of the system including use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists. Provides optimization of data flow using aggregation, filters, etc. Participates in the operation of ArcSight Security Information and Event Management systems to include ArcSight ESM, Connector appliances/SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups. Supports life-cycle management of the ArcSight platforms to including coordination and planning of upgrades, new deployments, and maintaining current operational data flows.
- Must possess strong written and verbal communication skills and must be capable of the understanding, documenting, communicating and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise
- Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system with specific experience in the ArcSight ESM environment
- Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well established network behavior, known false positives and/or known errors
- Must have experience maintaining an event schema with customized security severity criteria
- Must have experience creating scheduled and ad-hoc reporting with SEIM tools.
- Must possess a thorough and in-depth understanding of SEIM technologies and event collector deployments in the Windows and Linux operating environments
Position Requirements:
- 2 to 5 years experience in a dedicated security position
- Bachelors Degree or higher is preferred
- Experience identifying, documenting, mitigating, and consulting on enterprise security threats
- Experience in Linux, ArcSight, qRadar, or a proprietary SIEM
- Strong communication skills and ability to engage with customers to understand their requirements
- Clear and concise written and oral English
- Proactive in following up on customer issues
- Ability to excel in high pressure environments
Preferred Skills and Experience:
- ITIL Foundations training/certification
- Security Certifications CEH, GCIA
. Not accepting 3rd party candidates at this time.