• Provide recommendations and implement changes to optimize ArcSight and Splunk SIEM products in the customer environment.
• Health checks & configuration of rules, reports, dashboards, data monitoring etc.
• ArcSight administration, including creation and management of custom connectors, correlations and alerts. Must have experience with Flex Connectors and content development, plus some scripting experience.
• Identify potential threats and malicious behavior in security logs; develop methods to improve monitoring capabilities and build new use cases.
• Develops content for a complex and growing ArcSight infrastructure; this includes use cases for Dashboards, Active Channels, Reports, Rules, Filters, Trends, and Active Lists. Provides optimization of data flow using aggregation, filters, etc.
• Participates in the operation of ArcSight Security Information and Event Management systems, including ArcSight ESM, Connector appliances/SmartConnectors, and Logger appliances.
• Must have demonstrated ability to tune the SIEM event correlation rules and logic to filter out security events associated with known and well established network behavior, known false positives and/or known errors.
• Must have experience maintaining an event schema with customized security severity criteria.
• Should have at least 3 years of experience in cyber threat intelligence services and DFIR investigations.
• Provides expert analysis on strategic threats, actors, Advanced Persistent Threat groups.
• Performs analytic support focused on cyber actor TTPs, doctrine, policies, strategies, capabilities, and intent to conduct cyberspace operations, and on cyber-oriented groups, individuals, organizations, tools, tactics, and procedures.
• Collects raw data from intelligence feeds, open sources, partner groups, and internally-aligned cybersecurity elements as part of an all-source intelligence effort.
• Hunt for and discover previously unidentified/unknown and emerging threats, and understand new adversary TTPs.
• Collect and document threat indicators from internal and external sources.
• Validate the quality of threat indicators including IoCs and IoAs.
• Curate the collected indicators to ensure that stale indicators are properly aged out.
• Ability to conduct host forensics, network forensics, log analysis, and malware analysis in support of incident response investigations.
• Perform incident triage and handling by determining scope, urgency and potential impact, then identifying the specific vulnerability and recommending actions for expeditious remediation.
• Coordinate with and act as subject matter expert to resolve incidents by working with other information security specialists and IT contacts to correlate threat assessment data.
• Perform forensic analysis of Windows and Unix systems to identify compromise artifacts.
Job Details
Posted Date: 2019-02-08
Job Location: Dubai, United Arab Emirates
Job Role: Information Technology
Company Industry: Information Technology
Preferred Candidate
Career Level: Mid Career
from Jobs in UAE | Bayt.com http://bit.ly/2HYl8Gf