- Competitive daily rate
- 01/02/18 - Flexible
My client, a Dutch organization, is urgently looking for an ArcSight Specialist to work on an initial 6-month contract with a high possibility of extension, based in The Hague.
We are looking for a SIEM specialist who can contribute to optimizing the ArcSight SIEM for a period of (at least) 6 months and take care of the daily management of the environment(s). The position means that you are very closely integrated with the SOC team, tailoring the SIEM for successful detection of threats and investigating the problems that the SOC analysts encounter in daily use, both in their own activities and in the SIEM itself. As a result, you play a role in the development of SmartConnectors / FlexConnectors when connecting new log sources, in addition to the development and maintenance of the existing content for the SIEM (e.g. managing and creating rules, reports, active lists, dashboards, etc.). In addition, you play a role in the onboarding process of new use cases. Because of the close relationship with the SOC team, you should ideally have a background as a SOC analyst yourself (for example, you have used ArcSight in the past to check for IOCs / security incidents). It is also desirable that in certain cases you can assist in the operational process to help the security analysts analyze events.
The work includes:
- Installation and configuration of HP ArcSight components (ESM, FlexConnectors and Logger)
- Installation and configuration of the HP ArcSight ESM solution
- Installation and configuration of FlexConnectors
- Testing the performance of the different SIEM components
- Patching, if necessary, to the latest Service Patch and updating SSL Certificates
- Connecting the various HP ArcSight components to the different networks (dev, test, install, etc.)
- Migration from Logger to another platform
- Configuration of FlexConnectors for the integration of new applications
- Configuration of data collection and validation of the data collection, standardization and storage of events.
- Tuning of the existing Connectors
- Applying event mapping, filtering and aggregation rules to the Connectors in accordance with the requirements of the log policy and basic security monitoring
- Translation of user stories and requirements into detailed use case definitions (e.g. reports, alerts, etc.)
- Create content (filters, rules, dashboards, reports, assets) to meet the usage specifications provided by customers.
- Develop and implement HP ArcSight content to meet the requirements of the end user. The tools can include any feature of ArcSight ESM, including (but not limited to) correlation rules, data monitors, reports, event annotation placements, case customization, active lists and pattern discovery.
Testing and tuning of the developed content is required and coincides with the development process.
- Delivery and maintenance of detailed design documentation, detailed installation, configuration and troubleshooting manuals.
- Part of the function is demonstration and transfer of knowledge to the SOC team.
• Previous experience with the management of the ArcSight SIEM, SmartConnectors and ArcMC
• Experience in creating and troubleshooting parsers for standard SmartConnectors and FlexConnectors
• Knowledge of regular expressions
• Experience with the onboarding of new log sources on ArcSight
For immediate consideration please get in touch directly at: