ArcSight Security Consultant (2016)

Zürich - On-site
This project is archived and unfortunately no longer active.

Description

For a seven-month project with continuation option at our banking client in Zurich we are looking for immediate support in the form of an

ArcSight Security Consultant (2016)

to expand the coverage of security event sources and threat-based monitoring use cases on our client's Security Incident and Event Management (SIEM) platform.

The project scope consists of three steps:
1. Define and implement preliminary ArcSight reports, views, and alerting rules based on use cases
2. Review the run-time performance of these ArcSight reports, views and alerting rules; identify issues (false positives) and remediate / improve the reports, views and alerting rules (a.k.a. baselining)
3. Implement the resulting security monitoring rules in the Security Operations Center

We are looking for an experienced information security analyst who is capable of independently performing phases 1 and 2 as described above. This role will be the interface between business (who drives the monitoring use cases), engineering (who ultimately implements the ArcSight reports, views, and rules) and the SOC (who is the user and beneficiary of the new rules).

Requirements for the ideal candidate:
• Understands monitoring use cases and business requirements and translates them into SIEM (ArcSight) reports, views, and rules;
• Analyzes security events originating from various sources like Windows or UNIX servers, network devices, databases, malware scanners, etc. and determines how they can be leveraged to implement the desired monitoring use cases;
• Improves quality of raw and processed logs, identifies gaps
• Analyzes the performance of ArcSight reports, views and rules; recognizes problems by identifying anomalies and evaluating trends; proposes improvements and measures to fix the identified issues with ArcSight reports and alerts; cooperates with platform owners to support issue resolution
• Determines threat / risk level for prioritization of resolution activities
• Proposes monitoring rules and reports that focus on relevant correlations and alerts with a low rate of false positives, which are then manageable by the Security Operations Center
• Coordinates with SOC service management
• University or comparable level degree in Information Technology
• Special education in Information Security required
• Major experience in the configuration and tuning of SIEMs (3 years)
• Knowledge of ArcSight is an advantage
• Experience in Security Operations and as Business Analyst
• Experience in System Administration, Network Security, Information Security Policies, Network Troubleshooting, Firewall Administration, Network Protocols, Routers, Hubs, and Switches
• Strong analytical thinking, ability to oversee complex problems
• Skilled in dealing with sensitive matters and people
• Ability to work independently and without direct supervision
• Well versed in English, orally and in writing

If you consider yourself the ideal candidate, we look forward to receiving your application in Word format on
Start: 06.2014
Duration: 7 months (extension possible)
From: iET SA
Posted: 15.05.2014
Contact: Senior Recruiter
Project ID: 707718
Contract type: Freelance