Post for ______ Information Security

Job Description

Security Monitoring Systems EngineerReporting to the Director, Security Monitoring Center (SMC), and the Security Monitoring Systems Engineer will provide operational oversight and technical support for logging and monitoring security technologies in the enterprise environment.The Security Monitoring Systems Engineer is responsible for configuration and administration of existing security monitoring technology. The successful candidate will also serve as an expert escalation point for security event analysis and security monitoring system operational issues. This position is also a key consultant regarding the security controls in the environment, and works closely with other IT and business teams to ensure comprehensive and consistent monitoring of security within Fiserv s IT infrastructure and general business processes following the Enterprise information security policy and standards as well as other applicable standards and security best practices (i.e. GLBA, PCI, ISO27001). The successful candidate will have extensive experience with Security Incident Event Manager (SIEM) technologies, with focus on ArcSight experience and working knowledge of Splunk.Key Responsibilities:
• Coordinates and conducts security event collection using a log management tool, initiates event management, enhances compliance automation, and leverages identity monitoring activities.
• Works closely with Security Systems Engineering lead to build, manage and develop monitoring content for enterprise SIEM systems.
• Manages the workflow of security events to the appropriate business unit or corporate group.
• Interfaces with the Fiserv business units, corporate functions, and security and risk personnel.
• Builds and manages asset models that support event data separation Manages SIEM content in ArcSight Enterprise Security Manager within corporate change management system.
• Provides technical administration services for the Security Incident Event Manager (SIEM) solution.
• Works closely with IT resources to assist with the development of custom connectors (Agents) for application security logs.
• Supporting the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, dashboards, searches, trends, reports, and responses using ArcSight ESM to support security monitoring, analysis and reporting.
• Develops reports on the ArcSight logger to support business group needs and monitoring center needs.
• Advises senior leadership on SIEM content, SIEM architecture and best practices.
• Modifies configuration files (internal system)
• Provides optimization of data flow using aggregation, filters, etc.
• Tunes SIEM performance and event data quality to maximize system efficiency.
• Collaborates with IT resources on troubleshooting and configuring networking devices, various platforms, and databases (Oracle) to appropriately log security events.
• Assists desktop services to install ArcSight connectors as needed.
• Acts as SME for all questions related to the ArcSight SIEM implementation.
• Conducts life-cycle management of the ArcSight ESM including coordination and planning of upgrades, new deployments, and maintaining current operational data flows.
• Provides actionable and proactive engineering plans to management to support ever-increasing availability, capacity, and capability requirements of ESM and infrastructureSupports the onboarding and training of Security Event Administration staff as needed and provides ongoing ArcSight guidance to the Security Event Administration staff.
• Facilitates, coordinates and performs upgrades and patches of ArcSight Enterprise Security Monitoring Application.
Required Experience:
• 5 to 8 years of professional IT security experience in a Security Monitoring Center or a Security Operating Center environment.
• Detailed understanding of network architectures and services (routing, switching, web, DNS, email).
• Perl, Python and REST API scripting experience for automation of manual security event data review and analysis.
• Experience with administering Apache on Windows is a plus.
• Experience with ArcSight content development for monitoring and alerting critical security events in Fiserv network.
• Proficient in the technology, administration, configuration, and troubleshooting of ArcSight infrastructure components to include connectors (agents), loggers, and ESM.
• Demonstrable experience designing and implementing new ArcSight use cases, as well as assessing and optimizing existing use cases.
• Possess excellent customer service skills able to describe previous experiences demonstrating responsiveness, attention to detail, commitment to quality, and persistence in resolving customer issues.
• Partner with Fiserv teams to build ArcSight systems that would feed into one master monitoring console.
• Proficient technical writing skills to generate ArcSight systems documentation, SMC procedures, and externally-facing communications.
• In-depth, hands-on experience with security features and system administration of Linux, UNIX, and Windows operations systems.
• Expert understanding of security vulnerabilities in operating systems, web and applications servers, including knowledge of remediation procedures.
• Expert understanding of Attack activities address/port scans, man in the middle, sniffing, DoS, DDoS, and the technical aspects of malware such as worms, Trojans, and viruses.
• Extensive experience with security technologies including firewalls, IDS, logging and monitoring tools, data loss prevention, and anti-virus systems, with specific knowledge of security-related event notifications and log entries generated within these technologies.
• Strong communication, analytical, and problem-solving skills.
• Strong work ethic that demonstrates self-initiative, discretion, and ability to meet challenges head on.
• Solid character references given the sensitivity of the role.
Education:Bachelor or Masters of Science in Information Security, Computer Science, Risk Management, Information Technology, Engineering, Mathematics. Will consider equivalent relevant experience.,

Keyskills :
data loss preventionuse casesdata flowit securitydata qualitywriting skillslog managementbusiness unitsrisk managementproblem solvingloss preventionsecurity policy