We are looking for a Security Engineer with knowledge of and experience with tools such as IDS, IPS and SIEM/UBA/NBAD, as well as infrastructure security, scripting, Linux and Windows Server operating systems and log file management. Preferably, you possess the following capabilities and characteristics:
- You have experience with ArcSight and understand the architecture and components of SIEM-like technologies;
- You have experience with infrastructure and application integration;
- You have experience with log collection and log management;
- You have experience with Linux and Windows Server operating systems as well as scripting within environments such as bash or PowerShell;
- You have networking knowledge and can configure, debug and troubleshoot based on specific layers of the TCP/IP and OSI stacks;
- You have excellent debugging and troubleshooting capabilities and are experienced with reading and interpreting raw logs;
- You have at least 5 years of experience in this domain;
- Bachelor's/Master's degree in Computer Science / Information Security.
The Security Engineer will perform the day-to-day tasks listed below.
Installation and Configuration:
- Installation and configuration of the ArcSight ESM solution;
- Development, installation and configuration of SmartConnectors and FlexConnectors;
- Event mapping, filtering and aggregation at the connector level;
- Installation and configuration of ArcSight Logger;
- Performance testing of the various SIEM components;
- Connecting the various ArcSight components to the various networks (dev, test, production, etc.);
- Configuring data collection and validating the correct collection, normalization and storage of events;
- Troubleshooting, fine-tuning and automating daily tasks.
Maintenance and Troubleshooting:
- Patching, as necessary, to the latest service patch and updating the SSL certificate;
- System updates and upgrades;
- System backup and restore;
- Capacity and performance monitoring;
- Debugging and fixing log collection issues;
- Debugging and fixing the various ArcSight components.
Additional skills and experience:
- Experience with use case development;
- Good experience with ArcSight rules, reports and dashboards;
- Comfortable building FlexConnectors;
- Splunk knowledge is a major plus;
- Experience managing and monitoring common server operating systems such as Linux and Windows Server;
- Experience with basic bash/shell and PowerShell scripting;
- Experience with networking protocols and tools (SMTP, HTTP/HTTPS, TCP/UDP, FTP, SSH, SCP, ...) and networking stacks (TCP/IP and OSI);
- Experience debugging network-related issues;
- Cloud infrastructure deployment and tooling experience is a plus (Azure, AWS, CASB, Office 365, ...);
- Experience with network behaviour anomaly detection tools such as Darktrace or similar;
- Experience with firewalls, UTMs, next-generation firewalls and proxies such as Palo Alto, Check Point, Zscaler or similar.
Certifications and accreditations:
The following certifications (or equivalents) would be a plus:
- ArcSight Administrator- or Analyst-related certifications / training;
- Splunk-related certifications;
- Windows infrastructure / server / cloud-related certifications;
- Linux-related certifications (Red Hat, LPIC, ...);
- Certifications from relevant major security vendors;
- CISSP, CCSP, CompTIA Security+ or equivalent.
For more information, call +31 (0) 345 506 105 or send an email to firstname.lastname@example.org