Tuesday, June 20, 2017

Mid-Level ArcSight Analyst/Forensic Analyst

Mid-Level ArcSight Analyst/Forensic Analyst (F2F Interview Required)
Arlington, VA
6+ Months Contract
Must be local or nearby; US Citizens and Green Card holders only. (W2/1099)

Enterprise initiative to gather and translate data collected from network devices, in combination with various ArcSight products and forensic tools.  The goal of this initiative is to collect, process, preserve, and present digital evidence, delivering an accurate analysis that will address the needs of the incident response team, and assist the SIOC team, HR, and Legal in property crimes and cybercrime-related investigations.

To achieve these goals, the SIOC team is seeking a Mid-Level ArcSight Analyst/Forensic Analyst.  The role will be a key contributor to the success of this initiative.  The analyst will work as part of a team working closely with business and IT technical team members.

The ideal Mid-Level ArcSight Analyst/Forensic Analyst candidate will have a good understanding of enterprise security coupled with hands-on networking and security skills, best-of-breed forensic toolkits, Windows, Mac and Linux operating systems, formal chain of custody practice, as well as an ability to write and understand scripting languages such as Perl.

Candidate Duties and Responsibilities:
The Mid-Level ArcSight Analyst/Forensic Analyst must take ownership of projects/tasks/issues and work them through completion.  The successful candidate for this position will work on the SIOC team and will:
Research, analyze and understand log sources, particularly from various devices in an enterprise network
Appropriately categorize the security messages generated by various sources into the multi-dimensional ArcSight normalization schema
Write and modify scripts to parse out messages and interface with the ArcSight categorization database
Write scripts and automation to optimize various processes involved
Understand content for ArcSight ESM, including correlation rules, dashboards, reports, visualizations, etc.
Understand requirements to write content to address use cases based on customer requests and feedback
Provide back-up support to existing analysts
Support the development of this cross functional team to deliver clear and succinct documentation on processes and procedures
Provide on-call support as needed

Candidate Requirements and Qualifications:
2+ years' experience with a Security Information and Event Management (SIEM) solution such as ArcSight ESM is required
2+ years as an ArcSight Security Analyst
Hands-on experience scripting with Perl or Python
2+ years working as a Security engineer
2+ years working as a Forensics Analyst
Excellent knowledge of Forensic operations, administration and security
Experience examining logs and output from enterprise network devices and from applications hosted in these environments
Experience using Carbon Black and Bit9 as well as F-Response
Demonstrated technical understanding and knowledge appropriate to the role
Experience with performing endpoint forensics and malware analysis
Ability to quickly and accurately identify the meaning and severity of log messages from these sources

BS/MS in Computer Science or 3+ years of equivalent experience in IT Security.

RajKiran Goud Batthula
Sr. US IT Recruiter

14175 Sullyfield Circle, Suite #400, Chantilly, VA 20151, U.S.A.
Phone: 703-468-8304 Skype: rajkiranb