ArcSight / Forensic Analyst

ArcSight ESM, SIEM, Carbon Black, Bit9, F-Response, Forensic Analysis, ArcSight normalization schema, ArcSight categorization database
Full Time, Contract Corp-To-Corp, Contract Independent, Contract W2, 12-24 Months
Market
Telecommuting not available. Travel not required.

Job Description

Client has an Enterprise initiative to gather and translate data collected from network devices, in combination with various ArcSight products and forensic tools.

The goal of this initiative is to collect, process, preserve, and present digital evidence, delivering an accurate analysis that will address the needs of Client’s incident response team, and assist the SIOC team, HR, and Client’s Legal in property crimes and cybercrime-related investigations.

To achieve these goals, the client’s team is seeking an ArcSight Analyst/Forensic Analyst. The role will be a key contributor to the success of this initiative. The analyst will work as part of a team working closely with business and IT technical team members.

The ideal ArcSight Analyst/Forensic Analyst candidate will have a good understanding of enterprise security coupled with hands-on networking and security skills, best-of-breed forensic toolkits, Windows, Mac and Linux operating systems, formal chain-of-custody practice, as well as an ability to write and understand scripting languages such as Perl.

Feel free to contact me directly if you have questions. 

The candidate shall have the knowledge, qualifications, and experience relating to the following responsibilities:

Candidate Duties and Responsibilities:

The ArcSight Analyst/Forensic Analyst must take ownership of projects/tasks/issues and work them through completion. The successful candidate for this position will work on the NRECA SIOC team and will:

  • Research, analyze and understand log sources, particularly from various devices in an enterprise network

  • Appropriately categorize the security messages generated by various sources into the multi-dimensional ArcSight normalization schema

  • Write and modify scripts to parse out messages and interface with the ArcSight categorization database

  • Write scripts and automation to optimize various processes involved 

  • Understand content for ArcSight ESM, including correlation rules, dashboards, reports, visualizations, etc.

  • Understand requirements to write content to address use cases based on customer requests and feedback

  • Provide back-up support to existing analysts

  • Support the development of this cross functional team to deliver clear and succinct documentation on processes and procedures

  • Provide on-call support as needed

Candidate Requirements and Qualifications:

  • 2+ years’ experience with a Security Information and Event Management (SIEM) solution such as ArcSight ESM is required

  • 2+ years’ experience as an ArcSight Security Analyst

  • Hands-on experience scripting with Perl or Python

  • 2+ years working as a Security engineer

  • 2+ years working as a Forensics Analyst

  • Excellent knowledge of Forensic operations, administration and security

  • Experience examining logs and output from enterprise network devices and from applications hosted in these environments

  • Experience using Carbon Black and Bit9 as well as F-Response

  • Demonstrated technical understanding and knowledge appropriate to the role

  • Experience with performing endpoint forensics and malware analysis

  • Ability to quickly and accurately identify the meaning and severity of these log messages
  • Education: BS/MS in Computer Science or 3+ years of equivalent experience in IT Security

Posted By

3569 Habersham at Northlake, Building K Tucker, GA, 30084

Contact
Dice Id : capricor
Position Id : scarcsightARLVA
