Description
- Knowledge of a typical SIEM architecture.
- Knowledge of the requirements of a successful SIEM implementation.
- Knowledge of integrating a new event source into SIEM.
- Ability to document and communicate effectively a complex SIEM infrastructure for operations management.
- Experience working with audit/log configuration for Cisco Routers
- Proven Experience working with audit/log configuration for RSA secured.
- Proven Experience working with audit/log configuration for CyberArk.
- Proven Experience working with audit/log configuration for Citrix or other Terminal Servers.
- Proven Experience working with audit/log configuration for HP Service Desk.
- Proven Experience with building custom Arcsight Flex Connectors.
- Proven Experience with creating custom content in Arcsight (asset modelling, rules, queries, trends, reports, dashboards).
- System administration experience working with redhat (install, network, syslog, iptables, Scripting, etc.).
- System administration experience working with Windows Server platforms (install, network, syslog, iptables, Scripting, etc.).
- Practical working knowledge of tuning event sources.
- Proven Experience in operationalizing a SOC (ie preparing documentation for SOC analysts).
- Ability to document content created in ArcSight (ie rules and expected actions by analysts).
- Proven Experience with system health monitoring of event sources
- Understanding of NERC and CIP requirements
- Experience with security analysis via Security Event Management, preparation of security policies and procedures, analysis of intrusion detection events and recommendation for event tuning, analysing log files and summarizing events
- Experience with content development, documenting Security Policies and Procedures with respect to Security Event Management, Verify the correctness of preliminary and established procedures through testing, Prepare comprehensive documentation of procedures
- Experience with development and implementation of Unix security hardening procedures, Unix security administration duties including backups, performance and resource monitoring
- Experience in integration of ArcSight ESM, creating flex connectors, creating custom content, analysing logs and creating documentation
- Proficient in the following: Windows, TCP/IP, Oracle, Unix, and Firewall
Proven success in implementing the following (minimum 4 years demonstrable experience):
- Installing and configuring ArcSight SmartConnectors
- Building custom ArcSight Flex Connectors
- Creating custom content in ArcSight (asset modelling, rules, queries, reports, dashboards)
- Working with Cisco device logging, Citrix or Terminal Server and HP Openview Service Desk
- Linux system administration
- Log analysis and IT security fundamentals
- Working with Visio to create operational support diagrams
- Creating clear and concise technical support documentation