Position: Security Monitoring Engineer (NY or NC)
Reports to: Director, Information Security
Location: New York, NY or Winston-Salem, NC

Position Summary:
The Clearing House (TCH) Information Security (IS) group is responsible for information security and risk identification throughout the Company's overall business strategy. TCH is looking for a Security Monitoring Engineer who is an expert in HP ArcSight integration engineering. The Security Monitoring Engineer is responsible for all aspects of the SIEM solution: event lifecycle, implementation management, partitions and retention policies, administration of ArcSight ESM, Express, Logger and Connector Appliances, backups, patch management, troubleshooting, and related metrics. The Security Monitoring Engineer will also support security awareness, information security incident management and IS core processes.

Position Requirements:

Essential Functions:

ArcSight Skills:
- Develop content for a complex and growing ArcSight infrastructure, including use cases, dashboards, active channels, reports, rules, filters, trends, and active and session lists.
- Optimize data flow using aggregation, filters, etc.
- Develop custom FlexConnectors as required to meet use case objectives.
- Manage ArcSight Security Information and Event Management systems, including ArcSight ESM, Express, Connector Appliances and SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups.
- Perform life-cycle management of the ArcSight platforms, including coordination and planning of upgrades and new deployments while maintaining current operational data flows.
- Perform defined system design, data lifecycle, and reporting tasks for identification of malicious activity.
- Apply configuration management disciplines to maintain hardware/software revisions, ArcSight content, security patches, hardening, and documentation.
- Recommend configuration changes to improve the performance, usability, and value of cyber analysis tools.
- Work closely with IT and IS to maintain security requirements for the operation of ArcSight systems.
- Support all aspects of the Security Information and Event Management initiative and provide guidance to security analyst and network engineering staff.
- Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
- Coordinate and conduct event collection, log management, event management, compliance automation, and identity monitoring activities.
- Respond to day-to-day security requests relating to ArcSight operations.
- Perform vulnerability, configuration and asset management (ArcSight Network Model).
- Tune ArcSight performance and event data quality to maximize ArcSight system efficiency.
- Assist analysts using ArcSight and other tools to detect and respond to IT security incidents.
- Perform routine equipment checks and preventative maintenance.
- Perform systems hardening to industry standards (DoD, CIS, etc.).
- Maintain up-to-date documentation of designs and configurations.
- Create shell and Perl scripts to automate tasks.
- Manage the trouble ticketing system (ArcSight Case Management) and develop reports for TCH customers as required.

Threat Analysis Skills:
- Perform threat and vulnerability assessments and provide subject matter expertise on appropriate threat mitigation.
- Actively monitor security threats and risks involving critical infrastructure.
- Perform in-depth analysis in support of network monitoring and incident response operations.
- Manage the Threat Monitoring service (delivery, configuration, installs, etc.) as well as threat intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis.
- Conduct research on emerging security threats.
- Collaborate with the Advanced Threat and IR Analyst (Vulnerability Scanner/Incident Response) to develop and implement innovative strategies for monitoring and preventing attackers.
- Assist customers in reducing their threat footprint by suggesting network- and host-level controls that limit an attacker's access and alert upon a security event.

Monitoring and Incident Management Skills:
- Advanced network monitoring using real-time forensics.
- Develop appropriate metrics (key risk and performance indicators) to measure the monitoring program and related processes.
- Assess the impact of potentially malicious traffic on customer networks.
- Determine the impact of potential intrusions on the network and infrastructure.
- Develop and monitor basic IDS/IPS rules to identify and/or prevent malicious activity.
- Identify intrusion activity by leveraging alert data from multiple sensors and systems, and determine priority for response.
- System and network log collection, correlation and reporting (including use cases for dashboards, active channels, reports, rules, filters, trends, and active lists).
- Familiarity with the latest security vulnerabilities, advisories, incidents, and penetration techniques.
- Understanding of current vulnerabilities, attacks, and countermeasures.
- Propose additional components and techniques that could be used to proactively detect and prevent malicious activity.
- Work with the third-party MSSP and other company-wide engineers, analysts, managers and others on monitoring and incidents.

Administrative Skills:
- Adhere to established internal procedures and guidelines.
- Articulate security issues to customers, both verbally and in writing.
- Assist with TCH's employee IS awareness and training needs.
- Continue self-development of knowledge, skills, and abilities to better support execution of the IS function.
- Provide guidance to security analyst and network engineering staff.
- Provide security consulting to TCH's technology, operations, and business on an ongoing basis.
- Publish incidents, alerts, advisories, and bulletins as required.
- Serve as the primary point of contact for stakeholders reporting potential security events to IS.
- Understand regulations and governmental initiatives impacting the TCH technology environment and systems, work with appropriate teams to ensure proper understanding of potential gaps, and propose strategic but practical response policies, plans, and projects.

Knowledge & Skills:
Prior information security and risk management experience, HP ArcSight or other SIEM management experience, and preferably experience in incident response and forensics. Must be a seasoned Security Monitoring Engineer able to proactively manage, upgrade, and improve a centrally managed infrastructure and provide customer support. The position requires strong oral and written communication skills and expert-level skills with ArcSight ESM, Express, ArcSight Logger, ArcSight Connector Appliances, ArcSight Case Management, ArcSight trends, and reporting. Secondary skills with vulnerability scanners, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, and signature development are highly desired. Additionally, significant experience with Linux and Windows operating systems, knowledge of virtual environments, malware analysis and APT methodologies. The candidate should have broad technical knowledge of a number of security technologies and a solid understanding of information and network security. Soft skills such as the ability to build relationships, build consensus, negotiate solutions, and guide customers through their decision process are highly desirable. Project management experience.

Experience/Education/Certification:
- Bachelor's degree in engineering, computer science, or a related field with a minimum of 8 years of experience; the candidate requires 5+ years of experience delivering systems administration/engineering support, including specific experience with ArcSight ESM, Express, Logger, and Connector Appliances.
- Strong communication and negotiation skills.
- Strong analytical and problem-solving skills.
- Ability to work with all levels within the organization.
- ArcSight Certified Security Analyst (ACSA) certification and/or certification in ArcSight content development is desired.
- Membership in FS-ISAC, US-CERT and other relevant technical knowledge-sharing forums is desired.
- Knowledge of ISO 27001, ISO 31000, NIST SP 800-137 and similar standards is preferred.

PLEASE APPLY IMMEDIATELY by emailing, in a single submission, a letter of interest describing your experience and interest in the position, your resume, and names or letters of reference to human.resources@theclearinghouse.org. Please use "Security Monitoring Engineer" as the subject of your email. Only complete applications will be reviewed.

The Clearing House is an equal opportunity employer.