Security Specialist (m/f)

Rhein-Main area - On site
This project is archived and unfortunately no longer active.

Description

Role:
For one of our clients within the banking sector we require an experienced SIEM Engineer (m/f). The tasks to be accomplished by the SIEM Engineer are as follows:

Responsible for the integration of in-scope asset feeds into the ArcSight SIEM solution; this will involve liaising with system owners, providing requirements, feed verification and full testing against documented monitoring criteria. Working with the ArcSight SIEM application to develop, configure and build all ArcSight content, including rules, filters, active lists, reports, dashboards, channels, parsers and analysis methodologies, plus the appropriate alert mechanisms. Ensuring that all logs received by production ArcSight can be parsed and are sent in the correct format. Building custom parsers (Flex Connectors) using regex where standard parsers do not exist, e.g. for bespoke applications and systems. Ensure in-scope systems are monitored against security policy, where technically and operationally feasible. Identify and document gaps. Configuration and development of the SIEM application (ArcSight) to maximize output/value and satisfy Security Event Monitoring requirements. Maintain the effective running of the SIEM infrastructure and troubleshoot any disruption to service. Assist with the investigation of anomalies/suspicious/inappropriate activity and report on key security violations. Assist with the documentation of processes and procedures for newly onboarded assets. Ensure all changes to the live environment follow change control procedure. Work closely with the Security Ops team to ensure that ITIL disciplines are adhered to, e.g. raising CMRs, PRMs, incident reports, etc. as appropriate. Manage relationships with system owners to bring additional systems into scope and, where required, develop skills further to ensure effective log interpretation. Proactively work with Security Operations to identify areas where we can broaden the SIEM scope, add value and enhance monitoring and alerting capabilities.

The following skills are required: experience implementing and/or managing SIEM technical solutions in a medium to large environment; experience within the SIEM space using ArcSight; a strong understanding of enterprise security logging processes, event management and security incident methodologies; strong knowledge of SQL is desired, as are strong technical skills in both Windows and Unix environments, as well as networking (TCP/IP) skills; strong understanding of regex and scripting; hands-on experience with log management solutions; excellent interpersonal skills; experience investigating security incidents, specifically using a SIEM solution; Audit/Risk/Compliance.

Project start: asap. Project duration: 3 months. Location: Rhein-Main area. If you are interested in this position please send us your application with keyword: " + Cyber Security Engineer".


Requirements:
SQL, TCP/IP, English, network security, Unix, Windows, ITIL


Period:
19.02.2015


Location:
Rhein-Main area

Start:
not specified
From:
PASS Global Consulting Alliance AG
Posted:
21.02.2015
Contact:
Markus Korinth
Project ID:
855556
Contract type:
Freelance