Be an early applicantLess than 25 applicants

Company

Original Job Post

Capgemini · 3 days ago

Senior Data Analyst

McLean, VA

Full-time

Onsite

Senior Level

6+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

ConsultingInformation Technology

Actively Hiring

Insider Connection @Capgemini

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Responsible for management of security event traffic, appliances, and loggers.

Provide support for onsite Insider Threat support services providing immediate investigation and resolution

Provide assistance to other personnel to ensure cross-training while maintaining continuous performance

Plan, install, and administer ArcSight products to include ArcSight Loggers, Connector Appliances, ESM, Management Center and Software Connectors

Troubleshoot and resolve issues quickly on all platforms to ensure log management and incident response capabilities are maintained

Create and maintain detailed documentation of all ArcSight configurations and integrations

Work with Business Users to understand logging, incident identification, and compliance requirements

Translate requirements into ArcSight content such as rules, reports, dashboards, alerts, etc.

Work with System and Network Admins to understand all enterprise platforms and develop a plan to integrate all required logs into ArcSight. This includes mapping these platforms to business requirements and analyzing the events from each platform to validate event output and feed all ArcSight Content Development activities

Work with Analyst to create content to help automate the identification and reporting of incidents, compliance reports, events of interest, etc.

Review open-source threat feeds such as SANS and McAfee to stay current of the latest threats; and experience validating and integrating required event sources to identify events of interest surrounding this information

Create and maintain all content on all ArcSight platforms; including, all rules, filters, active channels, reports, dashboards, queries, etc. for all use cases, and ensuring all content is backup up on a regular basis

Develop Flex Connectors to integrate legacy or unsupported applications and platforms into ArcSight

Manage the Enterprise Auditing requirements based on ICS 500-27

Provide assistance to other personnel to ensure cross-training while maintaining continuous performance

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Security Alert Event ConfigurationContinuous MonitoringSecurity TechnologiesIDS/IPSSyslogFile IntegrityVulnerability ScannersEvent CorrelationEvent AnalysisArcSight SIEMInformation Security StandardsData ConfidentialityRisk IdentificationRisk AnalysisArcSight SoftwareSubject Matter ExpertTraining Documentation

Required

U.S. Citizenship

Must have an active TS/SCI clearance (or SCI eligible)

BS in Computer Science, Management Information Systems, or related field is desirable, an advanced degree is also desirable or additional equivalent experience

Current IAT Level III certification

Minimum of 6 years providing security alert event configuration and management, continuous monitoring of multiple security technologies (such as IDS/IPS, syslog, file integrity, vulnerability scanners, correlating, analyzing events, designing, implementing, tuning, and using ArcSight SIEM tool to detect IT security incidents)

Knowledge of information security standards, rules and regulations related to information security and data confidentiality with desktop, server, application, database, network security principles for risk identification and analysis