Brooksource is looking for a Senior ArcSight/SIEM Engineer to join one of our leading healthcare clients on a 12-month contract in Charlotte, NC. Our client is in the process of retiring their ArcSight infrastructure in favor of Splunk and is looking for a talented SME to assist with complex disconnects and to support the tool until full retirement within the next 12-18 months. This role can include:
· Supporting use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists.
· Providing optimization of data flow using aggregation, filters, etc.
· Participating in the operation of ArcSight Security Information and Event Management systems to include ArcSight ESM, Connector appliances/SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups.
· Supporting life-cycle management of the ArcSight platforms, including coordination and planning of disconnects and maintaining current operational data flows.
· This Engineer is responsible for ensuring that the information security requirements necessary to protect the warranty considerations of the organization’s core business processes are adequately addressed in all aspects of enterprise architecture.
· 5-10 years’ experience with ArcSight SIEM platform (Splunk is a nice-to-have)
· Hands-on experience with Windows and Linux servers
· Experience in a Security Operations Center (SOC)
· Active Security+, CISSP, or similar information security certifications
· Detailed understanding of the TCP and IP protocol suites and ability to dissect and explain the contents of traffic and packets
· Good knowledge of regular expressions, the Linux CLI, and Windows
· Advanced knowledge of ArcSight SmartConnectors, Loggers, ArcMC, and ESM
· Well versed in ArcSight parsers, including development and overrides
· Creation and/or optimization of logs ingested or soon to be ingested into the SIEM solution
· Troubleshooting and assisting in resolution of blockers for the ingestion of events into the SIEM solution
· Ability to multi-task in a deadline-oriented environment
· Demonstrated ability to work well independently in a remote environment
· Experience with configuration of debug, event generation, and logging functionality within applications and operating systems, using Syslog or flat-file generation
· (Direct report): Reporting directly to the Cyber Security Systems Engineering Manager
· (Hours): Regular 8-5 M-F (potential overtime with disconnects or critical disruption events)
· (Dress code): Business casual
· (Location): Indian Land, SC (currently remote)
· (Start): ASAP
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.