Lmi Consulting - Petersburg, VA

posted about 2 months ago

Full-time - Mid Level
Remote - Petersburg, VA
Professional, Scientific, and Technical Services

About the position

LMI is seeking an experienced ArcSight/Splunk Administrator to support a Program Office for a Government client in Virginia. This role involves operating and tuning ArcSight systems, preparing for migration to a Splunk SIEM, and ensuring interoperability between Splunk and new tool and sensor data feeds. The position is primarily remote, with occasional travel to client sites as needed.

Responsibilities

  • Perform all major administrator functions to operate and tune ArcSight for current systems and prepare for migration to a Splunk SIEM.
  • Coordinate and manage future Splunk SIEM migration and implementation.
  • Ensure interoperability between Splunk and new tool and sensor data feeds.
  • Design and architect logging in accordance with Army Cyber Technical Capabilities Requirements.
  • Provide data analysis, log analysis, and logging solution details.
  • Use the Splunk SIEM to monitor and analyze network performance and cybersecurity incidents.
  • Develop monitoring and response rules, reports, dashboards, data monitors, active channels, trends, and use cases to identify threats and optimize data mining.
  • Perform analysis of current configuration and proposed configurations to ensure compatibility within the overall system.
  • Analyze threat information gathered from logs, Intrusion Detection Systems, intelligence reports, vendor sites, and other sources.
  • Research, plan, install, configure, troubleshoot, maintain, and back up all components in ArcSight and Splunk.
  • Apply SIEM tool expertise to conceptualize, design, and build secure technical solutions.
  • Direct the design and integration of Cybersecurity toolsets to improve security posture and reduce manpower requirements.
  • Troubleshoot and develop solutions for anomalies both remotely and locally for Splunk-based solutions.

Requirements

  • BA/BS in an IT-related field or equivalent experience.
  • Minimum 5 years related work experience.
  • Demonstrated experience with the integration and sustainment of the ArcSight Connector Appliance, Logger components, ArcSight Management Center, and ArcSight ESM.
  • Current CompTIA Security+ certification required.
  • Experience with Splunk, including migration to a cloud environment.
  • Previous experience in a Security Operations Center (SOC) environment is a plus.
  • Knowledge of administering the back-end database infrastructure of SIEM tools, including upgrades and daily maintenance.

Nice-to-haves

  • Experience with technologies such as Qmulos, AMQP (RabbitMQ), Nessus, SQL Server, PostgreSQL, Red Hat Satellite, Nagios, McAfee ePO, Phantom, IPsec, PKI, ForeScout, Qualys, CA PAM/Xceedium, CyberArk, SailPoint.
  • Experience assisting with Federal Government Certification and Accreditation (information assurance) under the Risk Management Framework (RMF) process.

Benefits

  • Remote work flexibility with occasional travel to client sites.
  • Opportunity to work with emerging technologies and innovative solutions.