Posted By

Ayush Kumar

Senior Consultant at SkillVentory

Last Login: 06 July 2018

Job Views: 611
Applications:  4
Recruiter Actions:  2

Posted in

IT & Systems

Job Code

434631

Principal Security Specialist - SIEM - HP ArcSight - Telecom/Infra

9 - 14 Years, Chennai
Posted 7 years ago

Roles and Responsibilities :

- Should have a good understanding of events from different platforms, including operating systems (Microsoft, Unix), network appliances and security products at each layer

- Should be able to prioritize the event against the risk based on the impact

- Candidate should have the ability to classify the assets and threats targeting the asset

- Candidate should have expertise in integrating threat intelligence models with SIEM products to proactively detect threats

- Candidate should periodically review the standard operating procedures and create a knowledge base for the operations team's reference

- Candidate should be good at recommending preventive and corrective controls

- Candidate should have architecture exposure to multiple SIEM products

- Candidate should have understanding of evolving areas like Security Analytics based on Big Data

- Candidate should have good exposure to scripting

- Candidate should be capable of use case development, leading to creating correlation rules against any new customer requirement and new identified threats

- Candidate should have a good understanding of log collection and parsing techniques

- Candidates should implement innovative techniques to monitor the customer health and availability of SIEM tools

- Candidate should have expertise in providing turnkey solutions.

- Candidates should have hands-on experience with the products listed (ArcSight, RSA enVision, AlienVault, etc.)

- Report query adjustments, and various other SIEM configuration activities.

- Assist customers to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources.

- Work closely with the assigned Managed Services SIEM resources to ensure client's customized solution is functioning optimally and continuously tuned to the client's needs.

- Interface with a variety of customers in a polite, positive and professional manner.

- Work under pressure on multiple issues & projects (i.e. multi-task) with tight schedules.

- Resolve problems related to Network, Device, Policy, connectivity issues etc.

Skills & Experience :

- 6-12 years' experience in information and cyber security

- Certifications include MCSA, MCSE, CCNA, CCNP, OEM certifications (ArcSight, Splunk, AlienVault, RSA enVision, QRadar, etc.)

- Bachelor's Degree in computer science or related IT field

- Understanding of system, network and application related security events.

- Design incident response flow to critical security events

- Hands-on experience with products such as ArcSight, QRadar, Nitro, Splunk, RSA enVision and AlienVault

- Good understanding of infrastructure security concepts

- Good understanding of day-to-day operational processes or related domain

- Should have excellent problem-solving skills and also advanced knowledge of TCP/IP and OSI layers, network routing & switching protocols, and experience in one or more best-of-breed Firewall/UTM, IPS/IDS, SIEM, Proxy and Advanced Threat Prevention platforms/security products from various vendors such as Check Point, Cisco, Juniper, Palo Alto, Blue Coat, Websense, IBM QRadar, and HP ArcSight. Working familiarity with Unix, Linux, Windows OS and scripting languages

- Possess an impeccable work ethic and a high degree of integrity
