Arc Sight (SIEM) Admin/Analyst
|Technology||:||Arc Sight (SIEM) Admin/Analyst|
|Experience||:||5 - 8 Years Years|
Responsible for administration and implementation of SIEM tools (Arcsight/Splunk/Qradar/etc).
Responsible for rule authorization, system configuration, and operations and maintenance.
Should mentor and manage team members, providing technical leadership, interfacing with customers, and suggesting new ideas.
Responsible for reviewing alerts escalated by Level 1 /Level 2 analysts.
Reviewing customer reports to ensure quality and accuracy.
Work with customers to configure host IDS/IPS policies (Cisco CSA agent, IBM Proventia, Checkpoint Integrity, Tripwire Enterprise, SEP, McAfee Host Intrusion Prevention ) pertaining to enabling audit trails, log collection and troubleshooting of collector issues.
Perform analysis of log files, including forensic analysis of system resource access.
Responsible for tuning HIDS policies for individual hosts.
Would monitor security events received from customer's monitored servers, and then take appropriate action based on customer's security policy.
Experience with Managing Anti-Virus consoles (at least two from Symantec, McAfee, Sophos, Trend Micro, Kaspersky).
Perform triage on events/alerts which are reported by various detection devices to filter out things such as false positives and known accepted activities.
Conduct basic correlation and investigation by using the client provided tools and using other approved network services.
Understanding of common network services (web, mail, FTP, etc), network vulnerabilities, andDesired.
Strong interpersonal skills are critical, since the candidate will working with system and network administrators and executives around the world, and must be able to effect change and influence decisions.
Ability to multi-task and handle multiple projects.
Strong organizational skills.
Strong oral and written communication skills.
In-depth knowledge of SIEM Technology and implementation is a Must.
Knowledge of firewalls and intrusion detection systems (specific knowledge of any of the following personal firewalls or host ids is considered a plus: Cisco CSA, Dragon HIDS, Sygate, Blackice, IBM Real Secure, Tripwire).
Knowledge of Single Sign On technologies such as SAML, Kerberos, and Siteminder.
Bachelors Degree with relevant work experience in high-paced, enterprise environmentTechnology background in the financial/healthcare sector.
Implementation of SIEM and Log management tools.
Network security: Understand the standard network model and the risks present. The functions of network equipment and to understand network architecture.
Database design and programming experience.
Experience of liaising with external SIEM product vendors.
SIEM product certifications Arcsight / Splunk would be preferred.
CISA/CISM/CISSP/CRISC/GCIH certifications preferred.
Primary Skill :
Security Information and Event Management.
Role Description :
Plan, design, architect, implement and deploy SIEM solutions, including integration of log sources (supported and non-supported), custom content (use cases) creation and custom parser development,etc.
SIEM (Splunk/ RSA Security Analytics / HP ArcSight / IBM QRadar, RSA enVision) Consultant. The SIEM Consultant - will be part of any end to end SIEM implementation project.