ArcSight SME

  • Full-time

Company Description

Beaulieu & Associates, Inc. was founded in 2007 with the vision of being the antithesis of today's recruiting practices by offering a unique, high-end approach to IT Staffing and Recruiting.  Today more than ever, our clients appreciate our ability to understand their requirements and consistently find and engage great people. The depth of our offering goes way beyond traditional staffing.   In our world, integrity, trust and mutual respect encourage a spirit of true collaboration aimed at producing performance, results and overall value.

Our mission, our passion is helping people, teams and entire organizations achieve the success they desire.  Why not hire the best!

 

Job Description

Beaullieu & Associates is seeking candidates for an ArcSight SME for a Direct Placement with a San Antonio area Government Contractor.   This position requires an active Top Secret - SCI Clearance.   

 

The focus of this position will be developing content for a complex and growing ArcSight infrastructure deployed within the United States Air Force networks, gateways, base boundaries, joint regional security stacks, and C2 Nodes.

Position Requirements

  • Must have an Active TS/SCI security clearance in JPAS
  • Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise
  • Must have demonstrated ability to build and implement event correlation rules, filters, logic, and content in the security information event management (SIEM) system with specific experience in the ArcSight ESM environment
  • Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives (High Benign Trigger Probability) and/or known errors.
  • Must have experience maintaining an event schema with customized security severity criteria
  • Must have experience creating scheduled and ad-hoc reporting with SIEM tools.
  • Must possess a thorough and in-depth understanding of SIEM technologies and event collector deployments in the Windows and Linux operating environments
  • This position requires at least five (5) years of experience in developing, implementing and managing ArcSight ESM correlation rules, filters and content

Responsibilities

 

  • This includes use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists.
  • Provides optimization of data flow using aggregation, filters, etc.
  • Participates in the operation of ArcSight Security Information and Event Management systems to include ArcSight ESM, Connector appliances/SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups.
  • Supports life-cycle management of the ArcSight platforms, including coordination and planning of upgrades, new deployments, and maintaining current operational data flows.
  • Applies Configuration Management disciplines to maintain hardware/software revisions, ArcSight content, security patches, hardening, and documentation.
  • Works closely with A&A/C&A Team to maintain Security requirements for operation of ArcSight systems. Supports the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
  • Develops Checklists, Standard Operating Procedures (SOP), Tactics, Techniques and Procedures (TTP) for the warfighter.

Qualifications

Preferred Qualifications:

  • Attendance and completion of Advanced ArcSight ESM, AESA, Content and Correlation etc.
  • United States Air Force experience desired

Additional Information

Are you interested? Please forward your resume and contact information. We will follow up with more details regarding this opportunity.  

Beaullieu & Associates is an Equal Opportunity Employer.