SIEM Engineer (ArcSight/Splunk)

    Job Locations: US-DC
    Posted Date: 3 weeks ago (4/2/2018 10:55 AM)
    Job ID: 2018-1245
    Category: Information Technology

    Overview

    AnaVation is looking for a talented Security Information and Event Management (SIEM) Engineer who is passionate about technology and working with cutting edge software and hardware to support our mission critical customer in Washington, DC. The ideal candidate appreciates partnering with our customer and a group of engineers to create innovative engineering solutions.

     

    Responsibilities

    The SIEM Engineer will:
     
    • Provide optimization of data flow using aggregation, filters, etc. Develop custom Flex Connector as required to meet use case objectives.
    • Participate in the operation of SIEM systems to include ArcSight ESM, Splunk ES, Oracle, Connector Appliances, SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups
    • Responsible for providing a detailed technical design for enterprise solutions
    • Responsible for implementing part or all of the technical solution to the client, in accordance with an agreed technical design
    • Provides planning and design support for the development of solution architectures that will be implemented in a multiple system environment with high availability and failover
    • Develop and deploy content for a complex and growing SIEM infrastructure; including use cases that involve Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists
    • Develop filters, rules and customized reports for Loggers
    • Support initial build, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and response
    • Lead and coordinate event collection, log management, event management, compliance automation, and identity monitoring activities
    • Life-cycle management of the SIEM platforms, to include coordination and planning of upgrades, new deployments, and maintaining current operational data flows
    • Follow the Change Management Process and System Development Lifecycle process associated with various development models (Agile)
    • Apply Configuration Management disciplines to maintain hardware/software revisions, content, security patches, hardening, and documentation
    • Provide guidance to security analyst and network engineering staff
    • Work closely with the C&A team to maintain security requirements for operation of ArcSight SIEM systems
    • Respond to day-to-day security requests relating to ArcSight and Splunk SIEM operations.
    • Tunes performance and event data quality to maximize system efficiency.
    • Assists analysts using various tools to detect and respond to IT security incidents.
    • Performing systems hardening to meet DoD and IC Standards
    • Help maintain up to date documentation of designs/configurations
    • Perform routine equipment checks and preventative maintenance. Troubleshoot and conduct system health checks, including but not limited to performance issues, integration problems, and outages
    • Perform system user administration
    • Monitors and oversees the completion and implementation of technical products to ensure success and timeliness. Provides high-level analysis and design reviews to avoid duplication of efforts.
    • Evaluates vendor capabilities to provide the most complex required products or services. Conducts cost analyses to determine feasibility of various vendor products. Recommends vendor(s) and approach and presents to senior management/customer as appropriate.
    • Provides highly complex technical consultation to other organizations; interacts with senior customer personnel and internal senior management.
    • Researches and understands the marketing requirements for a product including target environment, performance criteria and competitive issues. Provides product expertise to the marketing process.
    • Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develops, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.
    • Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network, or other events affecting security.
    • Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords.
    • Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines.
    • Prepare and present RFC documentation to Configuration Control Board (CCB) when required in order to perform necessary administrative actions on Smart Connectors, Connector Appliances, and Logger Appliances
    • Demonstrate effective organizational, written/oral, and communication skills.
    • Participates in identifying business requirements; ensures delivered solutions meet performance expectations.
    • Recommends program/project release schedules based on knowledge of software development life cycle; delivers functionality and ensures the integrity of the overall system.
    • The candidate will be required to create Requests for Change (RFCs) and defend the proposed solution's impact to the CCB.
    • Develops and implements guidelines for deployment of product.
    • Performs document reviews to ensure effective and appropriate environment changes and demonstrates ability to escalate needs when necessary.
    • Prepare, mentor, and train client and team members to SIEM-related Standard Operating Procedures (SOPs).
    • A requirement of this position is that all candidates submit sanitized writing samples demonstrating previous engineering work and documentation experience as a part of the selection process
     

    Qualifications

    Required education and technical experience:
    • 5+ years of professional experience and a Bachelor of Arts/Science or equivalent degree in computer science or related area of study; without a degree, three additional years of relevant professional experience (8+ years in total) required
    • 5+ years of ArcSight experience using ArcSight Security Information and Event Management products, to include ArcSight Connectors, Logger, and Enterprise Security Manager (ESM) (or equivalent with Splunk ES)
    • Hands-on ArcSight and/or Splunk experience developing & managing use cases and content; Dashboards, Active Channels, Reports, Rules, Filters, Trends, Active Lists, etc.
    • 2+ years of Linux experience
    • 2+ years of security experience in IT security system management including SIEM, IDS, DLP, FW, etc.
    • 2+ years of data, syslog, security event, network traffic analysis. Experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
    • Experience working with internet, web, application and network security techniques
    • Experience working with federal regulations related to information security (FISMA, Computer security Act, etc.)
    • Experience working with NIST Special Publications and C&A process methodology
     
    Required Clearance:
    • Active Top Secret Security Clearance, SCI and CI poly eligible
     
    Desired education and technical experience:
    • Master's Degree or 12 years of equivalent work experience preferred
    • Information Security Certification(s), such as CISSP, ISSEP, GSEC, GCIA, GSLC, CEH, Security+ CE
    • Microsoft Certified Systems Engineer (MCSE) or (MCITP), Red Hat Certified Engineer (RHCE) or equivalent
    • Programming languages: Perl, VBS, RegEx, Boolean, and Scripting skills are highly desired
     

     

    EEO Statement

    AnaVation is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.

     

    If you need a reasonable accommodation for any part of the employment process, please contact us by email at accommodations@anavationllc.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address
