Administer, operate, and maintain SIEM environment, including installation, configuration, tuning, and maintenance of SIEM components, such as: event collectors, loggers, correlation engine, and databases
- Upgrade and patch the SIEM and other security platforms to the latest versions
- Develop processes and documentation to magnify the benefits of existing tools
- Perform security gap analysis in support of new products as well as the tuning of existing tools
- Work with internal customers to develop requirements to meet their security objectives related to Log Management and SIEM
- Create collaborative environment that encourages growth and information sharing including mentoring and educating team members
- Review current reporting and compliance goals, and verify reports to ensure they are meeting these goals
- Provide the highest level of support for SIEM environment
- 4+ years of Information Security experience
- 3+ years administrative experience deploying, configuring, troubleshooting, and maintaining SIEM components
- 3+ years engineering experience creating correlation, dashboard, and reporting content using SIEM
- Advanced knowledge of content creation concepts and best practices as well as networking experience
- Excellent problem-solving and technical skills
- Experience with any combination of the following: Syslog, TCP/IP, Networking, Linux/Unix, Windows, OSX, Active Directory, Event Analysis, NIST standards and guidelines, Database Activity Monitoring, MS SQL, Oracle, SAN architecture, firewalls, IPS/IDS, A/V, advanced networking
- Expert-level understanding and knowledge of the principles of log management and preferably the Arcsight SIEM toolset
- Experience planning, scaling, implementing, monitoring, and troubleshooting an SIEM environment
- Knowledge of core security principles and tool management that is product agnostic
- Clear understanding of Windows AD logs, SQL and Oracle events
- Must possess the ability to provide best practices subject matter expertise regarding log management system integration, alerting and reporting.
- High analytical skills: must be able to perform analysis and tuning of all incoming security events for threat detection, and increase the efficiency of processing, maximize true threat identification, and ensure accurate reports for auditing. Has the ability to draw meaningful conclusions from reported events, and implement appropriate reporting.
- Required to understand the business and technical requirements, architecture and design specifications and developing the associated content and documentation.