Our team is looking for an experienced ArcSight Security Analyst to own, optimize and scale out our security event collection, aggregation and analysis platform, which flags anomalous activity observed in security events from mission-critical Celestica systems. You will be responsible for the architecture, deployment, troubleshooting, operations and management of the security infrastructure our team uses to securely collect artifacts from the applications, systems and networking components that host services for Celestica. The data sources span a wide range of first-party and third-party artifacts such as Windows event logs, Unix syslog, vulnerability statistics, endpoint security solutions and network security solutions, to name a few. The platforms may be a hybrid of on-premise and hosted/private cloud offerings, spread across a complex service fabric in all geographies. We are looking for someone who can build, engineer and sustain a service, and then be accountable for managing and continuously improving it to meet evolving business needs.
Further, you will assist in developing, and will follow, detailed operational processes and procedures to appropriately analyze, escalate and assist in the remediation of critical information security incidents.
- 3+ years of experience with a SIEM platform, network security or system security, or supporting Security Information and Event Management (SIEM) tools
- Strong analytical, problem solving and interpersonal skills
- Experience with ArcSight Enterprise Security Manager (ESM) installation, configuration and maintenance, with deep architecture experience
- 3+ years monitoring multiple security technologies for security events, including the ArcSight ESM SOC main channel, IDS, HIPS, Windows AD event logs, syslog, anti-virus, file integrity monitoring and vulnerability scanners
- Experience with SmartConnector installation/configuration/maintenance, including performance optimization, troubleshooting, upgrades and FlexConnector creation
- Experience with ArcSight Management Center (or ArcSight Connector Appliance) administration/maintenance
- Experience creating and tuning ArcSight ESM content, including rules, data monitors, dashboards, active/session lists, reports, trends and asset/network modeling
- Prior experience with administration/installation/configuration/maintenance of ArcSight Logger software or appliances
- Must evaluate and investigate detected security events to determine whether they represent significant security incidents that require some level of response
- Must understand the functionality and technology of existing systems, as well as the business-critical applications and their major issues
- Must have a general view of the current state of information security threats and vulnerabilities globally, as well as within a large multinational corporation
- Suggest, and work with the wider security team to develop and refine, additional monitoring content and use cases
- Log parsing experience
- Device deployment experience (connectors, Loggers, ESM, etc.)
- Strong organization skills
- Be part of an enterprise-level scope of work
- Experience in the analysis, design, installation, configuration and maintenance of log integrations
- Experience consulting with application/platform owners
- Willingness to be a team player
- Ability to have fun while working
ADDITIONAL PREFERRED QUALIFICATIONS:
- Experience with other SIEMs, including Splunk, QRadar or Nitro/ESM
- Experience with security research, incident response, vulnerability management or malware analysis a plus
- Experience with scripting languages or automation and orchestration tools
- Experience with security scanning and network packet capture tools
- Experience with SPL, SQL and other related search languages
- Knowledge of networking protocols
- BA or BS degree in CS, IT or a related field
- SIEM platform certification preferred:
  - ArcSight Analyst V1
  - ArcSight Security V1