Position: Security Monitoring Engineer (NY or NC)
Reports to: Director, Information Security
Location: New York, NY or Winston-Salem, NC

Position Summary:
The Clearing House (TCH) Information Security (IS) group is responsible for information security and risk identification throughout the Company's overall business strategy. TCH is looking for a Security Monitoring Engineer who is an expert in HP ArcSight integration engineering. The Security Monitoring Engineer is responsible for all aspects of the SIEM solution: event lifecycle, managing implementation, partitions and retention policies, administering ArcSight ESM, Express, Logger and Connector Appliances, backups, patch management, troubleshooting, and related metrics. The Security Monitoring Engineer will also support security awareness, information security incident management, and IS core processes.

Position Requirements:

Essential Functions:

ArcSight Skills:
- Develop content for a complex and growing ArcSight infrastructure, including use cases, dashboards, active channels, reports, rules, filters, trends, and active and session lists.
- Optimize data flow using aggregation, filters, etc.
- Develop custom FlexConnectors as required to meet use case objectives.
- Manage ArcSight SIEM systems, including ArcSight ESM, Express, Connector Appliances/SmartConnectors, Logger appliances, Windows and Linux servers, network devices, and backups.
- Life-cycle management of the ArcSight platforms, including coordination and planning of upgrades and new deployments while maintaining current operational data flows.
- Perform defined system design, data lifecycle, and reporting tasks for identification of malicious activity.
- Apply configuration management disciplines to maintain hardware/software revisions, ArcSight content, security patches, hardening, and documentation.
- Recommend configuration changes to improve the performance, usability, and value of cyber analysis tools.
- Work closely with IT and IS to maintain security requirements for operation of ArcSight systems.
- Support all aspects of the SIEM initiative and provide guidance to security analysts and network engineering staff.
- Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses.
- Coordinate and conduct event collection, log management, event management, compliance automation, and identity monitoring activities.
- Respond to day-to-day security requests relating to ArcSight operations.
- Vulnerability, configuration, and asset management (ArcSight Network Model).
- Tune ArcSight performance and event data quality to maximize system efficiency.
- Assist analysts using ArcSight and other tools to detect and respond to IT security incidents.
- Perform routine equipment checks and preventative maintenance.
- Perform systems hardening to industry standards (DoD, CIS, etc.).
- Maintain up-to-date documentation of designs and configurations.
- Create shell and Perl scripts to automate routine tasks.
- Manage the trouble ticketing system (ArcSight Case Management) and develop reports for TCH customers as required.

Threat Analysis Skills:
- Perform threat and vulnerability assessments and provide subject matter expertise on appropriate threat mitigation.
- Actively monitor security threats and risks involving critical infrastructure.
- Perform in-depth analysis in support of network monitoring and incident response operations.
- Manage the Threat Monitoring service (delivery, configuration, installs, etc.) as well as threat intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis.
- Research emerging security threats.
- Collaborate with the Advanced Threat and IR Analyst (vulnerability scanning/incident response) to develop and implement innovative strategies for monitoring and preventing attackers.
- Assist customers in reducing their threat footprint by suggesting network- and host-level controls that limit an attacker's access and alert on a security event.

Monitoring and Incident Management Skills:
- Advanced network monitoring using real-time forensics.
- Develop appropriate metrics (key risk and performance indicators) to measure the monitoring program and related processes.
- Assess the impact of potentially malicious traffic on customer networks.
- Determine the impact of potential intrusions on the network and infrastructure.
- Develop and monitor basic IDS/IPS rules to identify and/or prevent malicious activity.
- Identify intrusion activity by leveraging alert data from multiple sensors and systems, and determine priority for response.
- System and network log collection, correlation, and reporting (including use cases for dashboards, active channels, reports, rules, filters, trends, and active lists).
- Familiarity with the latest security vulnerabilities, advisories, incidents, and penetration techniques.
- Understanding of current vulnerabilities, attacks, and countermeasures.
- Propose additional components and techniques that could be used to proactively detect and prevent malicious activity.
- Work with the third-party MSSP and other company-wide engineers, analysts, managers, and others on monitoring and incidents.
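The multi-sensor correlation and response prioritization called for under Monitoring and Incident Management Skills, shown as an added example in plain Python rather than as ArcSight content (this code is not from the posting or from TCH). The events, sensor names, asset criticality values, window length and scoring weights are all constructed for illustration; in an ArcSight deployment the same logic would be a rule with an aggregation window and an active list, with criticality taken from the network model.

```python
"""Constructed multi-sensor correlation example (not from the job posting).

Events from an IDS, a firewall and an authentication log are joined on the
(source, destination) pair, evaluated inside a sliding time window, and the
resulting alert is scored so analysts see the highest-priority case first.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, sensor, src_ip, dst_ip, category).
# In a SIEM these would arrive already normalized by the connectors.
SAMPLE_EVENTS = [
    ("2018-03-01T10:00:01", "ids", "10.0.0.5", "10.1.1.20", "scan"),
    ("2018-03-01T10:00:40", "firewall", "10.0.0.5", "10.1.1.20", "deny"),
    ("2018-03-01T10:01:10", "auth", "10.0.0.5", "10.1.1.20", "login_failure"),
    ("2018-03-01T10:01:15", "auth", "10.0.0.5", "10.1.1.20", "login_failure"),
    ("2018-03-01T10:01:30", "auth", "10.0.0.5", "10.1.1.20", "login_success"),
    ("2018-03-01T10:05:00", "ids", "10.0.0.7", "10.1.1.30", "scan"),
    ("2018-03-01T11:30:00", "auth", "10.0.0.7", "10.1.1.30", "login_failure"),
]

# Constructed asset criticality (standing in for the ArcSight network model):
# a higher value means a more sensitive destination.
ASSET_CRITICALITY = {"10.1.1.20": 3, "10.1.1.30": 1}


def parse_events(raw):
    """Convert raw tuples to dicts with datetime timestamps, sorted by time."""
    parsed = [
        {"ts": datetime.fromisoformat(ts), "sensor": sensor,
         "src": src, "dst": dst, "cat": cat}
        for ts, sensor, src, dst, cat in raw
    ]
    return sorted(parsed, key=lambda e: e["ts"])


def score(window_events, dst, criticality):
    """Priority = number of distinct sensors that fired + asset criticality,
    plus 2 when a login success follows a login failure from the same source
    (a guessed or sprayed credential is more urgent than a noisy scan)."""
    sensors = {e["sensor"] for e in window_events}
    cats = [e["cat"] for e in window_events]  # window_events is time-ordered
    priority = len(sensors) + criticality.get(dst, 0)
    if "login_failure" in cats:
        first_fail = cats.index("login_failure")
        if "login_success" in cats[first_fail:]:
            priority += 2
    return priority, sensors


def correlate(raw_events, criticality=ASSET_CRITICALITY, window_minutes=10, min_sensors=2):
    """Emit one alert per (src, dst) pair when at least min_sensors distinct
    sensors report on that pair inside any window_minutes-long window,
    keeping the highest-scoring window for each pair."""
    window = timedelta(minutes=window_minutes)
    by_pair = defaultdict(list)
    for e in parse_events(raw_events):
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = {}
    for (src, dst), evs in by_pair.items():
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            priority, sensors = score(in_window, dst, criticality)
            if len(sensors) < min_sensors:
                continue  # one sensor on its own is not enough to raise the alert
            if (src, dst) not in alerts or priority > alerts[(src, dst)]["priority"]:
                alerts[(src, dst)] = {
                    "src": src, "dst": dst, "priority": priority,
                    "sensors": sorted(sensors), "event_count": len(in_window),
                    "first_seen": start["ts"].isoformat(),
                }
    return sorted(alerts.values(), key=lambda a: a["priority"], reverse=True)


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

With the 10-minute window only 10.0.0.5 against 10.1.1.20 is raised (three sensors, a success after failures, criticality 3, priority 8). The scan and failed login from 10.0.0.7 are 85 minutes apart, so they stay silent until the window is widened; that is the tuning trade-off the posting's metrics work is meant to measure, catching slow attackers without burying analysts in low-value alerts.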

Administrative Skills:
- Adhere to established internal procedures and guidelines.
- Articulate security issues to customers, both verbally and in writing.
- Assist with TCH's employee IS awareness and training needs.
- Continue self-development of knowledge, skills, and abilities to better support execution of the IS function.
- Provide guidance to security analysts and network engineering staff.
- Provide security consulting to TCH's technology, operations, and business groups on an ongoing basis.
- Publish incidents, alerts, advisories, and bulletins as required.
- Serve as the primary point of contact for stakeholders reporting potential security events to IS.
- Understand regulations and governmental initiatives impacting the TCH technology environment and systems, work with the appropriate teams to ensure proper understanding of potential gaps, and propose strategic but practical response policies, plans, and projects.

Knowledge & Skills:
Prior information security and risk management experience, HP ArcSight or other SIEM management experience, and preferably experience in incident response and forensics. Must be a seasoned Security Monitoring Engineer able to proactively manage, upgrade, and improve a centrally managed infrastructure and provide customer support. The position requires strong oral and written communication skills and expert-level skills with ArcSight ESM, Express, ArcSight Logger, ArcSight Connector Appliances, ArcSight Case Management, ArcSight trends, and reporting. Secondary skills with vulnerability scanners, intrusion detection/prevention systems (IDS/IPS), firewalls, and signature development are highly desired. Additionally, significant experience with Linux and Windows operating systems, and knowledge of virtual environments, malware analysis, and APT methodologies. The candidate should have broad technical knowledge of a number of security technologies and a solid understanding of information and network security. Soft skills such as the ability to build relationships, build consensus, negotiate solutions, and guide customers through their decision process are highly desirable. Project management experience.

Experience/Education/Certification:
- Bachelor's degree in engineering, computer science, or a related field with a minimum of 8 years of experience.
- 5+ years of experience delivering systems administration/engineering support, including specific experience with ArcSight ESM, Express, Logger, and Connector Appliances.
- Strong communication and negotiation skills.
- Strong analytical and problem-solving skills.
- Ability to work with all levels within the organization.
- ArcSight Certified Security Analyst (ACSA) certification and/or certification in ArcSight content development is desired.
- Membership in FS-ISAC, US-CERT, and other relevant technological knowledge-sharing forums is desired.
- Knowledge of ISO 27001/ISO 31000, NIST SP 800-137, and similar standards is preferred.

PLEASE APPLY IMMEDIATELY by emailing, in a single submission, a letter of interest describing your experience and interest in the position, your resume, and names or letters of reference to human.resources@theclearinghouse.org. Please use "Security Monitoring Engineer" as the subject of your email. Only complete applications will be reviewed. The Clearing House is an equal opportunity employer.