ArcSight Administrator - Clearance Required
Full Time
Overview
LMI is seeking an experienced ArcSight/Splunk Administrator to support a Program Office for a Government Client located in Virginia. Remote work is anticipated, with travel to various Client sites as needed.
At LMI, we’re reimagining the path from insight to outcome at The New Speed of Possible™. Combining a legacy of over 60 years of federal expertise with our innovation ecosystem, we minimize time to value and accelerate mission success. We energize the brightest minds with emerging technologies to inspire creative solutioning and push the boundaries of capability. LMI advances the pace of progress, enabling our customers to thrive while adapting to evolving mission needs.
Responsibilities
Responsibilities include, but are not limited to, the following:
- Perform all major Administrator functions to operate and tune ArcSight for current systems and prepare for migration to Splunk SIEM
- Coordinate and manage future Splunk SIEM migration and implementation.
- Ensure interoperability between Splunk and new tool/sensor data feeds.
- Design and architect logs IAW Army Cyber Technical Capabilities Requirements
- Provide data analysis, log analysis, logging solution details.
- Use the Splunk SIEM tool to monitor and analyze network performance and Cyber Security incidents and reports to detect vulnerabilities, anomalies, and other issues.
- Develop monitoring and response rules, reports, dashboards, data monitors, active channels, trends, and use cases to identify threats and optimize data mining.
- Perform analysis of current configuration and proposed configurations to ensure compatibility within the overall system.
- Analyze threat information gathered from logs, Intrusion Detection Systems, intelligence reports, vendor sites, and a variety of other sources.
- Research, plan, install, configure, troubleshoot, maintain, and back up all components in ArcSight first, and upon migration to Splunk, in Splunk
- Apply knowledge of SIEM tools expertise to conceptualize, design, and build secure technical solutions, including operationally viable and efficient applications, systems, architectures, and infrastructure.
- Direct the design and integration of Cybersecurity toolsets to enable more automated discovery, remediation, and alerting of network and device vulnerabilities, improving the security posture while reducing manpower requirements.
- Troubleshoot and develop solutions for anomalies both remotely and locally for Splunk based solutions.
- Experience with any or all of these technologies: Splunk, Qmulos, AMQP (RabbitMQ), Nessus, SQL Server, PostgreSQL, Red Hat Satellite, Nagios, McAfee ePO, Phantom, IPsec, PKI, ForeScout, Qualys, CA PAM/Xceedium, CyberArk, SailPoint
- Experience using COTS products such as the following:
  - Operating Systems: IBM AIX, Solaris OS, Red Hat Enterprise Linux, Microsoft Windows Server 2008/2016 and later
  - Oracle: Oracle Application Server; Oracle Grid Infrastructure; Oracle Database; Oracle Clients; Oracle SQL Developer; WebLogic
  - Data Loss Prevention: McAfee Agent; McAfee Host Intrusion Prevention; McAfee Policy Auditor; Policy Auditor Content Update; Policy Auditor Agent; SQL Server
  - Other COTS: Internet Explorer; Adobe Acrobat Reader X; ActivClient CAC; ActivCard Gold for CAC-PKI; ForgeRock OpenAM Java EE Policy Agent; Tivoli Client; Veritas Volume Manager and NetBackup
- Experience assisting with Federal Government Certification and Accreditation (information assurance) following the Risk Management Framework (RMF) process.
- Responsible for making moderate to significant improvements of systems or products to enhance performance of programs and projects.
Qualifications
- BA/BS in IT related field or equivalent experience and minimum 5 years related work experience.
- Demonstrated experience with the integration and sustainment of the ArcSight Connector Appliance, Logger components, ArcSight Management Center, and ArcSight ESM.
- Current Security Plus Certification required.
- Experience with Splunk and migration to the Cloud environment.
- Previous experience in a Security Operations Center (SOC) environment is a plus.
- Knowledge of administration of SIEM tools backend database infrastructure related to upgrades and daily maintenance.
- Detail and team oriented – able to work via MS Teams and in person as needed.
- Flexible – The environment is highly dynamic. You will be expected to keep up with the changing environment while ensuring a high level of operational effectiveness.
- Team Player – This role is part of a much larger team and needs to stay connected and involved in the daily operations battle rhythm of the program.
- Position will most likely be remote-authorized, with the requirement to travel to Fort Gregg-Adams, VA; Redstone Arsenal, Huntsville, AL; or Radford, VA as needed for IT support or site surveys (less than 20%).
- Must have a current DoD Security Clearance (Secret).