We are looking for an ArcSight Security Engineer with knowledge and experience with tools like IDS, IPS, SIEM/UBA/NBAD, infrastructure security, scripting, Linux and Windows Server Operating Systems and log file management.
Preferably permanent, but contractors are very welcome!
For the Security Engineer position, the candidate will perform the day-to-day tasks listed below.
1. Installation and configuration of ArcSight components (ESM, ArcMC, ADP, Event Broker, Smart and Flex connectors and Logger):
- Installation and configuration of ArcSight ESM solution;
- Development, installation and configuration of Smart and Flex connectors;
- Event mapping, filtering and aggregation at the Connector level;
- Installation and configuration of Logger;
- Testing of the performance of the various SIEM components;
- Connecting the various ArcSight components to the various networks (dev, test, production, etc.);
- Configuring data collection and validating the correct collection, normalization and storage of events;
- Troubleshooting, fine-tuning and automating daily tasks.
2. Administrative activities:
- Patching, as necessary, to the latest Service Patch and updating the SSL Certificate;
- System updates and upgrades;
- System Backup and Restore;
- Capacity and performance monitoring;
- Debugging and fixing log collection issues;
- Debugging and fixing various ArcSight components.
3. Security Engineering Activities:
- Experienced in use case development;
- Good experience with ArcSight rules, reports and dashboards;
- Comfortable building Flex connectors.
What the client requests
Preferably, you possess the following capabilities and characteristics:
- You have experience with ArcSight and you understand the architecture and components around SIEM like technologies;
- You have experience of infrastructure and application integration;
- You have experience with Log Collection and Log Management;
- You have experience with Linux and Windows Server operating systems as well as scripting in environments such as bash or PowerShell;
- You have networking knowledge and can configure, debug and troubleshoot based on specific layers of the TCP/IP and OSI stacks;
- You have excellent debugging and troubleshooting capabilities and are experienced with reading and interpreting raw logs;
- You have at least 5 years of experience in this domain;
- Bachelor's/Master's degree in Computer Science/Information Security;
- Splunk knowledge is a major plus;
- Experience with the most common operating systems management and monitoring such as Linux and Windows Server;
- Experience with basic bash/shell and PowerShell scripting;
- Experience with networking protocols and tools (SMTP, HTTP/HTTPS, TCP/UDP, FTP, SSH, SCP…) and networking stacks (TCP/IP and OSI);
- Experience with debugging network related issues;
- Cloud related infrastructure deployments / tools experience is a plus (Azure, AWS, CASB, Office 365 …);
- Experience with network behavior anomaly detection tools such as Darktrace or similar;
- Experience with firewalls, UTMs, next-generation firewalls and proxies such as Palo Alto, Check Point, Zscaler or similar.
Certifications and Accreditations:
The following certifications (or equivalents) would be a plus:
- ArcSight Administrator or Analyst related certifications / trainings;
- Splunk related certifications;
- Windows Infrastructure / Server / Cloud related certifications;
- Linux (RedHat, LPIC …) related certifications;
- Relevant major security vendors related certifications;
- CISSP, CCSP, CompTIA Security+ or equivalent.
Hours per week: Full time