AboutWeb is currently looking for a SIEM Security Engineer for a government contract in Reston, VA.
- Install, configure, tune, and maintain the following SIEM components: Event Collectors/Smart Connectors, Loggers, Correlation Engine & Database.
- Primarily focus on content creation regarding advanced threat analysis (rules, variables, trending, watch lists, etc.) of incoming data and for self-monitoring of the solution itself.
- Perform supporting tasks such as system hardening, high availability configurations, and developing backup strategies.
- Assist with the creation of detailed deployments plans, architectural drawings and operation manuals.
- Assist with event source auditing configurations, integration with various security platforms, network devices, and systems.
- Apply NIST 800-53 guidelines and standards to FISMA reporting content.
- Required to understand the business and technical requirements, architecture and design specifications, and to develop the associated content and documentation.
- Works with solution architect and technical architect to gather and interpret user/system requirements into content specifications, development of rules, dashboards, and reports and to ensure content and solution meets customer requirements.
- Analysis and tuning of all incoming security events for threat detection and to increase the efficiency of processing, maximize true threat identification, and ensure accurate reports for FISMA auditing.
- Maintains skills in technology areas required by solutions and helps educate/train staff.
- Detail oriented, self-motivated and disciplined, with excellent time management skills.
- 2+ years administrative experience deploying, configuring, troubleshooting, and maintaining ArcSight SIEM Connectors, Loggers, Correlation Engine and Database
- 2+ years engineering experience creating correlation, dashboard, and reporting content using ArcSight
- Advanced knowledge of content creation concepts and best practices.
- Experience with threat analysis and event tuning
- General networking experience
- 4+ years of Information Security experience
- 5+ years of Information Technology experience
- Works independently within set guidelines for development of high quality correlation rules, dashboards, and FISMA reports.
- Current Public Trust clearance, EOD, or Final
- Proven ability and experience with highly complex security analysis for Information Technology
- Excellent problem-solving and technical skills
- Experience with integrating unsupported devices using the Flex Connector toolkit.
- Experience with pattern discovery, identity view, and IT Governance packages
- Security Operations Center (SOC) experience
- Preferred certifications include: ACSA, ACIA, CISSP, GIAC, SSCP
- Experience with any combination of the following: Visio, Syslog, Syslog-NG, TCP/IP, Networking, Linux/Unix, Windows, Active Directory, Event Analysis, NIST standards and guidelines, Database Activity Monitoring, Oracle, SAN architecture, Veritas server clustering, PL/SQL
washingtonpost.com - 18 months ago