
SIEM/ArcSight/IRP - Business System Analyst

Job Title: SIEM/ArcSight/IRP - Business System Analyst
Contract Type: Contract
Location: Saudi Arabia, Saudi Arabia
Industry: IT
Salary: Competitive
Start Date: 2020-02-18
Reference: BH-124180
Contact Name: Sajjad Ali
Contact Email: sajjad.ali@nesgt.com
Job Published: February 18, 2020 10:47

Job Description

Education: Minimum bachelor's degree in Computer Science, Information Technology or a similar field.

Concentration: Information Security and Cybersecurity

Minimum experience: at least 10 years of experience in the field of network security and cybersecurity.

Job Titles: Business System Analyst

 

 

ArcSight/IRP:

 

Candidate shall be fluent in SIEM and Incident Response Platform (IRP) solutions, shall know how to configure and maintain ArcSight collectors, and shall be able to manage end devices to make sure they are sending logs to the ArcSight collectors.

Candidate shall be able to develop playbooks in the IRP and manage the IRP components.

 

In addition candidate shall be able to perform following duties:

 

  1. Install, configure, upgrade, maintain and fine-tune the components of the security systems (SIEM, log management solution, TIP, forensic tools and IRP).
  2. Identify, develop, implement, test and fine-tune threat cases in ArcSight.
  3. Ensure the system security baselines include sending security-related event logs to the security and logging systems.
  4. Send security-related events in a format supported by the security system and approved by the security operations team, such as CEF over Syslog.
  5. Regularly provide an updated asset inventory (number of devices, device names, device type, software version, system criticality, IP addresses, system log dictionary, etc.).
  6. Respond to cybersecurity incidents and remediate system-related security incidents.
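Duty 4 names CEF carried over Syslog as the approved event format, and the preceding paragraph asks the candidate to confirm that end devices are actually delivering usable logs to the collectors. The following parser is an example added here; it is not part of the job posting and is not ArcSight or any vendor's code. It splits the CEF header on unescaped pipes, decodes the escaped key=value pairs of the extension, rejects lines whose header is incomplete or whose severity is out of range, and tallies well-formed versus malformed lines per source host so a misconfigured device stands out during onboarding. The sample syslog lines, hostnames, vendor and product names are all constructed for this illustration.

```python
import re
from typing import Dict, List, Optional

# Constructed sample syslog lines carrying CEF payloads (hosts, vendors and
# values are made up for this illustration). Line 3 is missing the severity
# header field; line 4 is not CEF at all.
SAMPLE_LINES = [
    "<134>Feb 18 10:47:00 fw01 CEF:0|Acme|Firewall|1.0|100|Blocked connection|5|"
    "src=10.0.0.5 dst=10.0.0.9 spt=51234 dpt=443 msg=Policy deny\\=rule 7",
    "<134>Feb 18 10:47:01 ids01 CEF:0|Acme|IPS|2.1|200|Signature match\\|scan|8|"
    "src=198.51.100.7 dst=10.0.0.9 cs1Label=Signature cs1=ET SCAN",
    "<134>Feb 18 10:47:02 app01 CEF:0|Acme|App|3|300|Missing severity",
    "<134>Feb 18 10:47:03 app02 plain text with no CEF payload",
]

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
SEVERITY_WORDS = {"low", "medium", "high", "very-high"}
# BSD-style syslog prefix: <PRI>Mon DD HH:MM:SS host ...
_SYSLOG_RE = re.compile(r"^<\d{1,3}>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(\S+)\s")
# An extension key starts a token (line start or whitespace) and is followed
# directly by '='; an escaped '\=' inside a value never matches.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z][A-Za-z0-9_.]*)=")


def _split_header(payload: str) -> List[str]:
    """Split on unescaped '|' (CEF escapes '|' and backslash in header fields).
    Returns up to 7 header fields plus the raw extension text, if any."""
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(payload) and len(parts) < 7:
        ch = payload[i]
        if ch == "\\" and i + 1 < len(payload):
            buf.append(payload[i + 1])   # escaped character taken literally
            i += 2
        elif ch == "|":
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(parts) < 7:            # input ended: last field is whatever accumulated
        parts.append("".join(buf))
        return parts
    parts.append(payload[i:])     # everything after the 7th '|' is the extension
    return parts


def _unescape_ext(value: str) -> str:
    """Decode CEF extension escapes: backslash-'=' , backslash-backslash, and \\n / \\r."""
    out: List[str] = []
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append({"n": "\n", "r": "\r"}.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Turn 'k1=v1 k2=v2 ...' into a dict; values may contain spaces and escaped '='."""
    matches = list(_KEY_RE.finditer(ext))
    fields: Dict[str, str] = {}
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        fields[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return fields


def parse_cef(line: str) -> Optional[Dict[str, object]]:
    """Return header fields plus an 'extension' dict, or None if the line is not well-formed CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    parts = _split_header(line[start + 4:])
    if len(parts) < 7:
        return None
    event: Dict[str, object] = dict(zip(HEADER_FIELDS, parts[:7]))
    sev = str(event["severity"]).strip()
    if not ((sev.isdigit() and 0 <= int(sev) <= 10) or sev.lower() in SEVERITY_WORDS):
        return None               # severity must be 0-10 or Low/Medium/High/Very-High
    event["extension"] = _parse_extension(parts[7]) if len(parts) > 7 else {}
    return event


def triage(lines: List[str]) -> Dict[str, Dict[str, int]]:
    """Count well-formed vs malformed lines per source host, so a device that
    sends unparseable events is visible before it reaches the SIEM."""
    report: Dict[str, Dict[str, int]] = {}
    for line in lines:
        m = _SYSLOG_RE.match(line)
        host = m.group(1) if m else "unknown"
        bucket = report.setdefault(host, {"ok": 0, "malformed": 0})
        bucket["ok" if parse_cef(line) else "malformed"] += 1
    return report


if __name__ == "__main__":
    for host, counts in triage(SAMPLE_LINES).items():
        print(f"{host}: {counts}")
```

Running the script over the constructed sample reports fw01 and ids01 as clean and app01 and app02 as malformed; in practice the same triage is run over a capture from the collector's input so that the per-host counts can be compared against the asset inventory and any device with zero or only malformed lines is chased before a threat case depends on it.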
 

Network firewall / Intrusion Prevention System (IPS):

 

Candidate shall be capable of installing, configuring, administering and troubleshooting the network firewall and IPS solution on the MPLS network.

 

In addition candidate shall be able to perform following duties:

 

  1. Install, configure and manage network firewalls.
  2. Configure security policies, firewall filters and security zones in the security network environment.
  3. Install the IPS on the security network and fine-tune its configuration for the network environment.
  4. Establish processes and procedures covering all configuration, policies and rules.
  5. Investigate all triggered incidents and provide proper remediation for each incident.
 

Vulnerability management and compliance management:

 

Candidate shall be capable of configuring, managing and troubleshooting the vulnerability management (VM) and compliance tools (Nessus and Tripwire). Candidate must be skilled in Center for Internet Security (CIS) baselines.

 

In addition candidate shall be able to perform following duties:

 

  1. Install, configure and manage the VM tool and the device inventory.
  2. Scan the security network on a monthly basis and identify vulnerabilities and missing security updates and patches.
  3. Based on the scan results, execute and install all needed security updates and patches.
  4. Generate and provide monthly vulnerability reports to management.
  5. Install, configure and manage the compliance tool.
  6. Scan the inventory on the security network on a weekly basis.
  7. Implement and modify CIS benchmarks in the security network.
  8. Establish, update and manage the security baseline on a monthly basis.
  9. Run a security compliance scan on a monthly basis and identify compliance gaps on all low-end devices.
  10. Based on the scan results, configure and update the baseline on each device that has compliance gaps.
  11. Establish processes and procedures related to the VM and compliance tools.
 

Network Access Control:

 

Candidate shall be capable of installing, configuring and administrating the network access control solution in security network environment.

 

In addition candidate shall be able to perform following duties:

 

  1. Install all necessary hardware and software and configure the NAC solution in the security network environment.
  2. Gather a list of all devices on the network and establish the necessary network access control lists.
  3. Manage all permissions required for NAC authentication.
  4. Apply roles and permissions for all users who are allowed to authenticate devices.
  5. Establish processes and procedures related to NAC.
 
