Description
• Working for the Cyber Detect to deliver Logging and Monitoring of our client's assets for CISO
• Responsible for the integration of in-scope asset feeds into our client's SIEM ArcSight solution; this will involve liaising with system owners, providing requirements, feed verification and full testing against documented monitoring criteria.
• Work with the ArcSight SIEM application to develop, configure and build all ArcSight content including rules, filters, active lists, reports, dashboards, channels, parsers and analysis methodologies plus the appropriate alert mechanisms.
• Ensure all logs received by production ArcSight can be parsed and are sent in the correct format.
• Build custom parsers (FlexConnectors) using regex where standard parsers do not exist, e.g. for bespoke applications and systems.
• Ensure in-scope systems are monitored against security policy, where technically and operationally feasible. Identify and document gaps.
• Configuration and development of the SIEM application (ArcSight) to maximize output/value and satisfy Security Event Monitoring requirements.
• Maintain the effective running of the SIEM infrastructure and troubleshoot any disruption to service.
• Assist with the investigation of anomalous/suspicious/inappropriate activity and report on key security violations.
• Assist with the documentation of processes and procedures for newly on-boarded assets.
• Ensure all changes to the live environment follow the change control procedure. Work closely with the Security Ops team to ensure that ITIL disciplines are adhered to, e.g. raising CMRs, PMRs, Incident Reports, etc. as appropriate.
• Manage relationships with system owners to bring additional systems into scope and where required develop skills further to ensure effective log interpretation.
• Proactively work with Security Operations to identify areas where we can broaden the SIEM scope, add value and enhance monitoring and alerting capabilities.
Skills/Experience required:
• Experience implementing and/or managing SIEM technical solutions in a medium to large environment
• Experience within the SIEM space using ArcSight
• A strong understanding of enterprise security logging processes, event management and security incident methodologies
• Strong knowledge of SQL is desired as are strong technical skills in both Windows and Unix environments, as well as networking (TCP/IP) skills
• Strong understanding of regex and scripting
• Hands on experience with log management solutions
• Excellent interpersonal skills
• Experience investigating security incidents, specifically using a SIEM solution
• Audit/Risk/Compliance experience