Security Engineer

We are looking for a Security Engineer with knowledge and experience with tools like IDS, IPS, SIEM/UBA/NBAD, infrastructure security, scripting, Linux and Windows Server operating systems and log file management. Preferably, you possess the following capabilities and characteristics:

  • You have experience with ArcSight and you understand the architecture and components around SIEM-like technologies;
  • You have experience of infrastructure and application integration;
  • You have experience with Log Collection and Log Management;
  • You have experience with Linux and Windows Server operating systems as well as scripting within environments such as bash or PowerShell;
  • You have networking knowledge and can configure, debug and troubleshoot based on specific layers of the TCP/IP and OSI stacks;
  • You have excellent debugging and troubleshooting capabilities and are experienced with reading and interpreting raw logs;
  • You have at least 5 years of experience in this domain;
  • Bachelor's/Master's degree in Computer Science/Information Security.

Expertise:

The Security Engineer candidate will perform the day-to-day tasks listed below.

Installation and Configuration:

  • Installation and configuration of ArcSight ESM solution;
  • Development, installation and configuration of Smart and Flex connectors;
  • Event mapping, filtering and aggregation at the Connector level;
  • Installation and configuration of Logger;
  • Testing of the performance of the various SIEM components;
  • Connecting the various ArcSight components to the various networks (dev, test, production, etc.);
  • Configure data collection and validate the correct collection, normalization and storage of events;
  • Troubleshooting, fine-tuning and automating daily tasks.

Administrative:

  • Patching, as necessary, to the latest Service Patch and updating the SSL Certificate;
  • System updates and upgrades;
  • System Back-up and Restore;
  • Capacity and performance monitoring;
  • Debugging and fixing log collection issues;
  • Debugging and fixing various ArcSight components.

Engineering:

  • Experienced in Use Case development;
  • Good experience with ArcSight Rules, Reports and Dashboards;
  • Comfortable in building flex connectors.

Additional Experience:

  • Splunk knowledge is a major plus;
  • Experience managing and monitoring the most common operating systems, such as Linux and Windows Server;
  • Experience with basic bash/shell and PowerShell scripting;
  • Experience with networking protocols and tools (SMTP, HTTP/HTTPS, TCP/UDP, FTP, SSH, SCP ...) and networking stacks (TCP/IP and OSI);
  • Experience with debugging network related issues;
  • Cloud related infrastructure deployments / tools experience is a plus (Azure, AWS, CASB, Office 365 ...);
  • Experience with network behavior anomaly detection tools such as Darktrace or similar;
  • Experience with firewalls, UTMs, NG Firewalls and proxies such as Palo Alto, Check Point, Zscaler or similar.

Certifications and accreditations:
The following certifications (or equivalents) would be a plus:

  • ArcSight Administrator or Analyst related certifications / trainings;
  • Splunk related certifications;
  • Windows Infrastructure / Server / Cloud related certifications;
  • Linux (RedHat, LPIC ...) related certifications;
  • Relevant major security vendors related certifications;
  • CISSP, CCSP, CompTIA Security+ or equivalent.

For more information, call +31 (0) 345 506 105 or send an email to hrm@isoc24.com
