Sr. Data Analyst (ArcSight)
- Is a Subject Matter Expert (SME) with Arcsight software.
- Experience planning, installing and administering ArcSight products to include ArcSight Loggers, Connector Appliances, ESM, Management Center and Software Connectors.
- Experience troubleshooting and resolving issues quickly on all platforms to ensure log management and incident response capabilities are maintained.
- Experience creating and maintaining detailed documentation of all ArcSight configurations and integrations.
- Experience working with Business Users to understand logging, incident identification, and compliance requirements.
- Experience translating those requirements into ArcSight content such as rules, reports, dashboards, alerts, etc.
- Experience working with System and Network Admins to understand all enterprise platforms and develop a plan to integrate all required logs into ArcSight. This includes mapping these platforms to business requirements and analyzing the events from each platform to validate event output and feed all ArcSight Content Development activities.
- Experience working with Analyst to create content to help automate the identification and reporting of incidents, compliance reports, events of interest, etc.
- Experience reviewing open source threat feeds such as SANS and McAfee to stay current of the latest threats; and experience validating and integrating required event sources to identify events of interest surrounding this information.
- Experience creating and maintaining all content on all ArcSight platforms; including, all rules, filters, active channels, reports, dashboards, queries, etc. for all use cases, and ensuring all content is backup up on a regular basis.
- Experience developing Flex Connectors to integrate legacy or unsupported applications and platforms into ArcSight.
- Experience managing the Enterprise Auditing requirements based on ICS 500-27.
- Minimum of 6 years providing security alert event configuration and management, continuous monitoring of multiple security technologies such as IDS/IPS, syslog, file integrity, vulnerability scanners, correlating, analyzing events, designing, implementing, tuning, and using ArcSight SIEM tool to detect IT security incidents.
- A bachelor’s degree from an accredited university in a field such as information systems, computer science, engineering or a related technical field.
- Current active IAT level III certification is required
- Current Top Secret clearance with SCI eligibility