Saudi Aramco Careers
HP ArcSight Senior Analyst
Requisition ID: 1019955
Req Number: 15209BR
We are seeking an HP ArcSight Senior Analyst to join the Security Intelligence Center Division of Information Technology.
The Security Intelligence Center Division is responsible for providing security operations, including a 24/7 Security Operations Center (SOC), cyber intelligence, forensic services, and network and endpoint protections, as well as running the Security Information and Event Management (SIEM), Log Management System (LMS) and Cyber Intelligence Management System (CIMS).
The HP ArcSight Senior Analyst's primary role is day-to-day ArcSight administration and tuning, working closely with security staff to develop high-fidelity use cases for detecting malicious activity in support of security operations.
As the successful candidate you will hold a Bachelor’s degree in Computer Science from a recognized and approved program. An advanced degree is preferred.
You will have seven or more years of experience in information security, including at least five in ArcSight administration. You must have a strong understanding of building and administering ArcSight (or similar SIEM platform) use cases and content. You will be able to demonstrate understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; and electronic mail systems. You must have an understanding of log formats and source data for ArcSight analysis, and experience with Flex Connectors and content development. Solid experience in developing custom parsers and integrating ArcSight with other systems is a requirement. You will be able to demonstrate familiarity with common protocols such as DNS, DHCP, LDAP, SNMP, SMTP, HTTP, and SSL. Experience with RHEL (Red Hat Enterprise Linux) is preferred. Two or more certifications are also necessary, such as Certified Ethical Hacker (CEH), ArcSight Certified Integrator/Administrator (ACIA), ArcSight Certified Security Analyst (ACSA), EC-Council Certified Security Analyst, Cisco Certified Network Associate (CCNA), or a similar certification or equivalent academic courses (higher education).
Duties & Responsibilities:
You will be required to perform the following:
Develop content for the enterprise ArcSight SIEM (rules, use cases, threat cases, reports and dashboards).
Develop technologies for ArcSight, such as ArcSight ESM Loggers, ArcSight SmartConnectors, ArcSight Flex Connectors, ArcSight custom parsers, and filters to assist in the identification of significant events.
Deploy and administer ArcSight ESM. Support the integration of ArcSight with other applications and systems.
Configure ArcSight SIEM tool performance and event data quality to maximize SIEM system efficiency.
Provide content development to include reports, dashboards, real-time rules, filters and active channels.
Develop and institute standard procedures for the “front-end” operation of the SIEM system.
Ensure all necessary logging sources are reporting to the ArcSight SIEM. Create technically detailed reports on the status of the SIEM, including metrics such as the number of logging sources, log collection rate, and server performance.
Use ArcSight logs along with other correlated data from the SIEM to aid investigations and provide additional visibility or insight into attacks.
Tune ArcSight as appropriate in line with business and infrastructure requirements.
Patch and update the ArcSight SIEM application software as needed to keep the application at a currently supported version.
Leverage information available in the ArcSight SIEM infrastructure to improve the Content Management process.