Description
Position: Information Security Specialist
- Knowledge of a typical SIEM architecture.
- Knowledge of the requirements of a successful SIEM implementation.
- Knowledge of integrating a new event source into SIEM.
- Ability to document and communicate effectively a complex SIEM infrastructure for operations management.
- Experience working with audit/log configuration for Cisco Routers
- Proven Experience working with audit/log configuration for RSA secured.
- Proven Experience working with audit/log configuration for CyberArk.
- Proven Experience working with audit/log configuration for Citrix or other Terminal Servers.
- Proven Experience working with audit/log configuration for HP Service Desk.
- Proven Experience with building custom Arcsight Flex Connectors.
- Proven Experience with creating custom content in Arcsight (asset modelling, rules, queries, trends, reports, dashboards).
- System administration experience working with redhat (install, network, syslog, iptables, Scripting, etc.).
- System administration experience working with Windows Server platforms (install, network, syslog, iptables, Scripting, etc.).
- Practical working knowledge of tuning event sources.
- Proven Experience in operationalizing a SOC (ie preparing documentation for SOC analysts).
- Ability to document content created in ArcSight (ie rules and expected actions by analysts).
- Proven Experience with system health monitoring of event sources
- Understanding of NERC and CIP requirements
Proven success in implementing the following (minimum 4 years demonstrable experience):
- Installing and configuring ArcSight, SmartConnectors
- Building custom ArcSight Flex Connectors
- Creating custom content in ArcSight (asset modelling, rules, queries, reports, dashboards)
- Working with Cisco device logging
- Linux system administration
- Log analysis and IT security fundamentals
- Working with Visio to create operational support diagrams
- Creating clear and concise technical support documentation