Senior ArcSight Engineer
Posted on Oct 24, 2020 by Randstad Sourceright kft
Role: Senior ArcSight Engineer
Client: One of the UK's largest telecommunications services providers
Location: Remote, UK with occasional travel to Greater London offices
Role Type: Short term contract until the end of 2020 to begin with
The team are responsible for supporting a multitude of security controls within the business. Support may incorporate consultation, design, development, as well as in-life support. Product areas which may be supported by the team include IPS, DLP, SIEM, IRP, and Vulnerability Scanning.
The position is focused on on-boarding assets into the SIEM solution. Tasks may include identification of optimal secure ingestion methods through to designing, developing, and enhancing correlation and trending on events ingested.
Evaluation of logs generated by a product/solution and identification of log ingestion method.
Creation and/or optimisation of logs ingested or soon to be ingested into the SIEM solution. This may include multi-line parsing via syslog.
Troubleshooting and assisting in resolution of blockers for the ingestion of events into the SIEM solution.
Where required, creation and optimisation of new/existing correlation implementations associated with the log ingestion.
Documentation of the above.
Essential Skills Required:
Advanced knowledge of ArcSight SmartConnectors, Loggers, ArcMC, and ESM.
Advanced knowledge of ArcSight parsers, including development and overrides.
Knowledge of regular expressions, Linux CLI, and Windows.
Knowledge of Linux and Windows Auditing.