Developing content for a complex and growing ArcSight infrastructure. This includes use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists
Provide optimization of data flow using aggregation, filters, etc. Develop custom Flex Connector as required to meet use case objectives.
Participate in the operation of ArcSight Security Information and Event Management systems to include ArcSight ESM, Oracle, Connector appliances/SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups
Life-cycle management of the ArcSight platforms to including coordination and planning of upgrades, new deployments, and maintaining current operational data flows
Apply Configuration Management disciplines to maintain hardware/software revisions, ArcSight content, security patches, hardening, and documentation
Provide guidance to security analyst and network engineering staff
Supporting the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities
Responding to day-to-day security requests relating to ArcSight operations.
Tunes ArcSight performance and event data quality to maximized ArcSight system efficiency.
Assists with analyst using ArcSight and other tools to detect and respond to IT security incidents.
Perform routine equipment checks and preventative maintenance
Performing systems hardening to DoD Standards
Maintaining up to date documentation of designs/configurations
Create shell and perl scripts to facilitate automated tasks
Work with other Service Providers to support areas of common interest
Working with software and hardware vendors
5-10 years of overall ArcSight experience
Strong Unix/Linux skills (CLI and package management)
Good communication skills
Candidate must be able to obtain a Security Clearance