Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Top Secret clearance is required. Must be clearable to TS/SCI.
Candidates will be required to support the deployment, configuration, and administration of enterprise network security appliances and software. The position requires the candidate to be a self-starter and to work with limited direct supervision. A wide range of knowledge and skills is needed, such as ArcSight ESM, system administration, content development, network engineering, and cyber security architecture design. Specifically, candidates may be required to:
- Deploy new ESM, Loggers, SmartConnectors/FlexConnectors as required to collect data feeds.
- Assist in the proper operation and performance of ArcSight ESM, Loggers and connectors.
- Integrate data feeds (logs) into ArcSight. Perform content development to properly identify data feeding ArcSight. Develop filters to assist in the identification of significant events.
- Coordinate with client engineering staff for modifications, downtimes, and upgrades.
- Develop reports (manual and automated) to support the development, collection, and reporting of Quality Assurance and Performance metrics (as defined by the client).
- Develop dashboards/reports for external customers for system monitoring.
- Provide ad-hoc training to analysts focusing on specific client missions, including generic ArcSight training sessions and Custom Use Case training sessions.
- Provide recommendations and implement changes to optimize ArcSight products in the customer environment.
- Support the client in fact-finding or case-supporting tasks as they relate to ArcSight.
- Evaluate relevant ArcSight product advancements and provide recommendations to the customer.
1-3 years of experience with a college degree is preferred.
Must be familiar with deploying, installing and administering ArcSight ESM 4.5+ in a complex environment. Candidates must have experience with FlexConnectors and content development, some scripting experience, and IdentityView knowledge is preferred but not mandatory. Candidates should also have real/significant experience developing content/use cases.
Linux experience is strongly recommended. Network IDS/IPS/HIPS experience is preferred but not required.
ArcSight ESM Security Analyst (AESA), formerly ArcSight Certified Security Analyst (ACSA); ArcSight ESM Integrator/Administrator (AEIA), formerly ArcSight Certified Integrator/Administrator (ACIA); and ArcSight Advanced Administration certifications are strongly preferred.
Knowledge Consulting Group - 18 months ago