- Deploy new ESM, Loggers, SmartConnectors/FlexConnectors as required to collect data feeds.
- Assist in the proper operation and performance of ArcSight ESM, Loggers and connectors.
- Integration of data feeds (logs) into ArcSight. Perform Content Development to properly identify data feeding ArcSight. Develop filters to assist in the identification of significant events.
- Coordinate with client engineering staff for modifications, downtimes, and upgrades.
- Develop reports (manual and automated) to support the development, collection, and reporting of Quality Assurance and Performance metrics (as defined by the client).
- Develop dashboards/reports for external customers for system monitoring.
- Provide ad-hoc training to analysts focusing on specific client missions, including generic ArcSight training sessions and Custom Use Case training sessions.
- Provide recommendations and implement changes to optimze ArcSight products in the customer environment.
- Support the client in fact finding or case supporting tasks as it relates to ArcSight.
- Evaluate relative ArcSight product advancements and provide recommendations to the customer
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Top Secret clearance is required and must be eligible for SCI.
Candidates must have at least 3 years of hands-on working experience with ArcSight. Should be familiar with deploying, installing and administering ArcSight ESM 4.5+ on a variety of environments.
Candidates must have content development experience, some scripting experience, and IdentityView knowledge is preferred but not mandatory. Candidates should also have real/significant experience developing content/use cases and have experience with Flex Connectors.
Linux experience is strongly recommended.
ArcSight ESM Security Analyst (AESA) --- formally ArcSight Certified Security Analyst (ACSA) ; ArcSight ESM Integrator/Administrator (AEIA) --- formally ArcSight Certified Integrator/Administrator (ACIA); and ArcSight Advanced Administration certifications are strongly preferred.