ArcSight Content Management Engineer
ARCSIGHT CONTENT MGMT ENGINEER
Candidate must have a TS/SCI Clearance in order to be considered.
Our client' s contract provides Computer Network Defense and Analysis (CND) to the customer’ s network. Because the customer allows their user community to access their personal email accounts while on site, there is a lot of spam hitting their network regularly. This contract is responsible for the 24 x 7 x 365 protection of the customer’ s network from maliciously intended viruses and attacks on their network.
Day to day Responsibilities:
- Candidate will be Primarily responsible for managing the the Content captured from the ArcSight SIEM tool every day.
- Responsible for the monitoring and analysis of IDS/IPS alerts, logs and reports to make a determination and categorize suspected anomalies and intrusion events for further investigation and/or action, and when this determination is made, a report will be submitted for follow on to the second tier.
- Other tools used include FireEye, ISS, McAfee Intrushield, wireshark, splunk, etc.
- Responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks.
- Supports cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff.
- Coordinates resources during enterprise incident response efforts, driving incidents to timely and complete resolution.
- Defend the enterprise network from Computer Network Attacks (CNA)
- Create channels, filters, rules, etc. in ArcSight to help pinpoint malicious network activity
- Deep pcap analysis
- Solid understanding of various types of CNA’ s and attacker TTP’ s
- DoS/DDoS attacks (syn flood, teardrop, etc.), drive-by, image cache poisoning, fast flux, zombies, botnets, XSS, etc.
- Employs advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis.
- Supports internal HR/Legal/Ethics investigations as forensic subject matter expert.
- Performs network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
- Reviews threat data from various sources and develops custom signatures for Open Source IDS or other custom detection capabilities.
- Correlates actionable security events from various sources including Security Information Management System (SIMS) data and develops unique correlation techniques.
- Utilizes understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
- Develops analytical products fusing enterprise and all-source intelligence.
- May conduct malware analysis of attacker tools providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols.
- Interfaces with external entities including law enforcement organizations, intelligence community organizations and other government agencies such as the Department of Defense.
- ArcSight set up/configuration and content management
- Experience with IDS and IPS or, a strong background with respect to networking and network technologies or Systems Administration.
- Linux experience
- Experience with email electronic signatures, knowing what’ s behind them and how to go in and find out where they originate.
- Demonstrated experience (monitoring, installation, analysis) with other systems that can collect IDS/IPS/Network Health metrics.
- Systems Engineering or, Network Management/Monitoring Systems or Systems Administration experience.
- ArcSight, WireShark, Putty, Splunk, WebShield, IBM ISS Proventia, Generic System Tools (Ping, Trace Route, Nslookup)
- Candidate would be required to meet the DoD IAPT Level II security compliance through being certified with a Security+, CEH or higher (CISSP, SANS GSEC, etc), within 90 days upon joining the contract.
Job Type: Full Time