This job posting has been archived and is no longer available.

ArcSight Specialist

Posted by TEKsystems

Skills sought: Design, Client, Python, Java

Project description

Primary responsibilities, ArcSight content developer:

This is an ArcSight role that will develop, implement and review rules associated with monitoring security events. ArcSight development experience is required, along with knowledge of ArcSight architecture and associated tools. Splunk experience is a plus. Writes, develops and unit tests software, and participates in the design or build, test and implementation of infrastructure components that meet the needs of the design specifications. Identifies and escalates issues that impact project performance. Adheres to standards and best practices, processes, and deliverables. Participates in physical design and development of software or hardware products. Communication and relationship management. Has knowledge of state-of-the-art programming languages and object-oriented approaches in designing, coding, testing and debugging programs as required by the domain. Has in-depth knowledge of state-of-the-art engineering technical approaches in designing, building, testing and debugging problems as required by the domain (infrastructure). Maintains deep technical knowledge within areas of expertise. Possesses a strong understanding of systems programming, graphical user interfaces and control languages.

- Develop and test new content and use cases using ESM filters, rules, data monitors, active lists, session lists, dashboards, reports and trends
- Participate in developing monitored use cases within the Cyber Defense Centre SIEM
- Work with Security Analysts to effectively deploy and tune monitored content
- Integrate the SIEM platform with third-party tools such as ticketing and case management systems, asset management systems, Hadoop/Vertica, etc., using the ArcSight API and Java and/or Python
- Create scripts to monitor the health of ESM, Loggers, Connector Appliances, Connector Servers and SmartConnectors

The SOC Analyst is responsible for day-to-day protective monitoring in accordance with customer security policies, standards and regulations. They will monitor for possible security incidents, using knowledge of attack types and standard protocol behaviour to classify incidents, comment, and provide advice on mitigation or remedial actions. They will be responsible for the security analysis, incident classification and incident response actions such as notification and alerting.

Responsibilities:

- Monitoring client security infrastructure
- Identifying and reporting real-time attacks and vulnerabilities on the client network
- Identification of incidents and subsequent analysis to determine their severity and the response required
- Properly documenting incidents
- Providing security expertise and recommending solutions for the resolution of security issues
- Gathering intelligence from external sources, e.g. the Internet
- Interfacing effectively with LIRMs/client
- Producing security reports based upon security incident information
- Maintaining an up-to-date knowledge of threats and vulnerabilities
- Assisting with investigations as required

TEKsystems is acting as an Employment Business in relation to this vacancy.

Project details

  • Location:

    Hilversum, Netherlands

  • Project start:

    asap

  • Project duration:

    6 months

  • Contract type:

    Contract

  • Professional experience:

    Not specified

Required qualifications

TEKsystems