ArcSight Administrator

ArcSight Administrator

Job Code: TJ_8861
Job Location: Atlanta, Georgia
Zip Code: 30301
Job Category/Title:
Employment Category: Contract - Corp-to-Corp, Contract - Independent, Contract - W2
Position Type: Senior Level
Travel Required: No
Interview Type: In-person
Education: Associate Degree
Experience: 5-10 year(s)
Job Description: • Develop content for enterprise SIEM application, combining big data security information collection, management, and analytics capabilities with full network and log-based visibility and automated threat intelligence from commercial vendor and other government agencies.
• Develop and upgrade dashboards, channels, filters, rules, and reports, as needed. Integrate threat intelligence. Maintain and upgrade application to current supported version. Patch and update application software as needed. Maintain version control and document all changes.
• Develop processes for application use by all ArcSight users.
• Provide support for Information Security requests: Review security policy clarifications and exception requests; lead Security projects; triage general security questions from other internal teams.
• Tune, monitor and analyze network traffic and respond to IDS alerts
• Analyze network and host-based security logs to identify potential security threats. Participate in incident response and triage
• Participate in an on call rotation including after hours and weekends to support critical security issues. Drive down mean time to resolution for all Security work. Continuously create and review documentation for Security Operations procedures.
• Work with the GRC team to develop the policies, standards and procedures related to Security Management.
• Recommend steps and plans to improve EPA’s security posture via security device placement, optimization of existing architecture, and evaluation and implementation of new technologies.
• Assess new and emerging security threats to identify security risks and impacts to WAN and data center operations.
• Provide technical guidance for and participate in the installation, configuration, and management of enterprise security infrastructure, including IPS, firewalls, VPN, and vulnerability scanners.
• Review IPS system and SIEM tool logs, report potentially malicious findings, and assist with incident response activities.
• Assist firewall team with development, review, implementation, and audit of firewall rules.
• Oversee the hardening, monitoring, and maintenance of security components to provide protection against malicious external threats to EPA’s intranet, public access, and DMZ networks.
• Provide weekly and monthly status, performance, and compliance reports as required by client.
• Participate in a 24x7 on-call support rotation to resolve issues with security infrastructure devices.
• Assist system administrators with interpretation of vulnerability scan results and remediation efforts as needed.
• Review general support systems (GSS) and application security plans for compliance with NIST guidelines, and help document the implementation and successful operation of technical security controls.
• Support and participate in external oversight audits as needed. Document audit findings in a Plan of Action and Milestones (POAM), and track mitigation progress.
• Maintain and update Standard Operating Procedures and Standard Configuration Documents for security infrastructure components.
• Closely coordinate with and assist other task orders and teams as required, especially the Network Operations team, Internet and managed service providers, and Enterprise Computer Security Incident Management (ECSIM).
Duration: 6 Month(s)
No. of Posts: 1
Job Expiry Date: December 1, 2016
Telecommute: No
Contact Information Login To View