ArcSight Content Management Engineer

Herndon, VA 20175

Job ID: 124907 Industry: Government


Candidate must have a TS/SCI clearance to be considered.

Job Description:

Our client's contract provides Computer Network Defense and Analysis (CND) for the customer's network. Because the customer allows its user community to access personal email accounts while on site, a large volume of spam hits the network regularly. This contract is responsible for the 24 x 7 x 365 protection of the customer's network from malicious viruses and attacks.

Day to day Responsibilities:
  • Candidate will be primarily responsible for managing the content captured from the ArcSight SIEM tool every day.
  • Responsible for monitoring and analyzing IDS/IPS alerts, logs and reports to categorize suspected anomalies and intrusion events for further investigation and/or action; once a determination is made, a report is submitted to the second tier for follow-on action.
  • Other tools used include FireEye, ISS, McAfee IntruShield, Wireshark, Splunk, etc.
  • Responsible for maintaining the integrity and security of enterprise-wide cyber systems and networks.
  • Supports cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff.
  • Coordinates resources during enterprise incident response efforts, driving incidents to timely and complete resolution.
  • Defend the enterprise network from Computer Network Attacks (CNA)
  • Create channels, filters, rules, etc. in ArcSight to help pinpoint malicious network activity
  • Deep pcap analysis
  • Solid understanding of various types of CNAs and attacker TTPs
  • DoS/DDoS attacks (SYN flood, teardrop, etc.), drive-by downloads, image cache poisoning, fast flux, zombies, botnets, XSS, etc.
  • Employs advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis.
  • Supports internal HR/Legal/Ethics investigations as forensic subject matter expert.
  • Performs network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
  • Reviews threat data from various sources and develops custom signatures for Open Source IDS or other custom detection capabilities.
  • Correlates actionable security events from various sources including Security Information Management System (SIMS) data and develops unique correlation techniques.
  • Utilizes understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
  • Develops analytical products fusing enterprise and all-source intelligence.
  • May conduct malware analysis of attacker tools providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols.
  • Interfaces with external entities including law enforcement organizations, intelligence community organizations and other government agencies such as the Department of Defense.

Required Skills:
  • ArcSight set up/configuration and content management
  • Experience with IDS and IPS, or a strong background in networking and network technologies or systems administration.
  • Linux experience

Desired Skills:
  • Experience with email electronic signatures: knowing what's behind them and how to find out where they originate.
  • Demonstrated experience (monitoring, installation, analysis) with other systems that can collect IDS/IPS/Network Health metrics.
  • Systems Engineering, Network Management/Monitoring Systems, or Systems Administration experience.
  • ArcSight, Wireshark, PuTTY, Splunk, WebShield, IBM ISS Proventia, generic system tools (ping, traceroute, nslookup)
  • CCNA
  • Candidate would be required to meet DoD IAT Level II security compliance by holding a Security+, CEH or higher certification (CISSP, SANS GSEC, etc.) within 90 days of joining the contract.

Job Type: Full Time