Thursday, September 1, 2016

Security Consultant - ArcSight

Job Title: Security Consultant - ArcSight
Type: 4+ months Contract
Required Skills:
3+ years of ArcSight experience

Good understanding/experience with Networking

Need to understand ArcSight from an Engineering perspective.

Basic Qualifications:
Candidates are able to sit 100% remote

Job Description:
Primary Responsibilities:

  • Responsible for the analysis, design, installation, configuration and maintenance of log integration
  • Consult with application / platform owners to understand and adhere to logging policy
  • Work with clients to configure log transport to the SIEM
  • Maintain enterprise logging and remediate any issues
  • Work support cases with the vendor to fix issues efficiently

Qualifications:

Requirements:

  • 5+ years of Information Technology experience
  • 3+ years of Linux / Unix management
  • 3+ years of hands-on ArcSight experience
  • Write and communicate effectively
  • High School diploma or GED

Assets:

  • Parsing experience
  • Deploying ArcSight devices (connectors, loggers, ESM)
  • 5+ years of IT Security experience
  • Programming or scripting experience
  • Database experience
  • Certifications: any IT Security certifications

Went live with ArcSight in June of 2015 and stood up the platform in 3 months (very quick). With a very large SIEM platform, on day 1 there was no stability in place, no alerting and no monitoring.
The rest of the SIEM team was using Security Analytics and worked to cut over to ArcSight. What this team does (the group is not a jack of all trades):

  • Platform Engineering team (10 people)
  • Responsible for integrating log sources into ArcSight
    • New sources all the time because Optum keeps expanding
  • Responsible for the Health and Wellness of ArcSight
  • Have approximately 300 users
    • Keep the platform up and running and stable
  • SIEM is changing to become more security specific
    • Do not do the audit and compliance, there is a big data lake that ArcSight sends events to for audit and compliance purposes
  • This team does not use the platform they support: analysts use it (this team is not analysts, not doing event correlation, not responding to threats)
    • Looking for Platform Engineers
  • Need ArcSight experience from an engineering standpoint integrating log sources
  • SIEM in general
  • Linux background (possibly Windows)
    • Do a lot of scripting: Python, Perl
  • Networking type background with hardware is likely best fit vs. Security Analyst
Hiring 5 people because they have a backlog of over 100 integration requests.
Day to Day:
Integrate new log sources into the SIEM.
Customer interaction on the front end (understanding what needs to be done), down to actual hands-on Linux work on the box and parsing of events. Will likely handle this in an assembly-line fashion, with people doing specific tasks within that process.
Interview Format:

  • Intro to ArcSight Platform Engineering Team
  • Opportunity for candidate to sell themselves, tell about relevant experience
  • Ask questions relative to above experience and resume
  • Give time for candidate to ask questions about the role

Jagadishwar.N | Technical Recruiter | Email:
Direct: (678) 666 3829 | Work: (404)-315-1555 Ext 643 | Fax: 678-302-4488
Softpath System LLC | 3985 Steve Reynolds Blvd | Bldg C Norcross GA 30093