SIEM Engineer - ArcSight
Jersey City (Hudson County)
Job description
JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
The Cybersecurity organization's objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure. The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
Summary
As a member of the Cybersecurity Operations team, the SIEM Content Engineer will provide operational oversight for security technologies in the event monitoring environment, including log management and Security Information and Event Management. The SIEM Content Engineer is responsible for evaluating new technologies, as well as installation, configuration, and upgrades of existing technology. The SIEM Content Engineer is also a key consultant regarding the security controls in the environment, and works closely with other IT and business areas to ensure sound and consistent implementation of security within IT infrastructure and general business processes. The candidate will have experience with SIEM and log management technologies, specifically HP ArcSight ESM and Splunk.
Responsibilities:
· Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities using the ArcSight ESM and Splunk platforms
· Integration and normalization of disparate asset information into a centralized asset model
· Overall responsibility for being the subject matter expert on ArcSight ESM and Splunk software for the customer
· Use of ArcSight ESM and Splunk in the daily operational work and workflow of the end customer
· Advising SOC Manager on best practices and use cases on how to use ArcSight and Splunk to achieve end state requirements
· Custom development of Connectors (Agents) using ArcSight FlexConnector
· Meet with business users to gather requirements and make recommendations for meeting customer requirements within the SIEM and Log Management solution
· Analyzing new technologies and making security recommendations based on business objectives
· Implementation of security controls and best practices including ISO 27001/27002, NIST CSF and SP800-53
Desired profile
Required Qualifications
· BSc in Computer Science, Engineering, or Mathematics preferred.
· Work with system owners to establish how best to leverage ArcSight ESM and Splunk (and associated products) to meet strategic goals by defining Use Cases
· Technical administration of the ArcSight ESM, Splunk, and Connector software platforms
· Ability to modify configuration files (under the covers, not exposed at Console level)
· Distributed Multi-Manager architecture and deployment
· Troubleshoot and configure networking devices, various platforms and databases
· Integration with 3rd party systems including configuration management, network management, vulnerability scanners and trouble ticketing applications
· Upgrade and patch all components of the ArcSight and Splunk platforms
· Project Management, Customer Service and Technical Writing duties
Qualifications & Requirements
· 3+ years security engineering experience in mid-sized to large organizations, with emphasis on security operations, incident management, intrusion detection, firewall deployment and security event analysis.
· 3+ years with SIEM and Log Management technologies specific to Splunk and/or ArcSight.
· Experience with 3-5 of the following security technologies:
· Host and perimeter firewalls
· Host and network intrusion detection systems
· Logging and monitoring tools
· Antivirus or end-point security
· Data loss prevention, privileged access management
· Identity and access management
· Database access monitoring
· Netflow/sflow
· Vulnerability scanning
· Network full packet capture
· In-depth hands-on experience with security features and system administration of Linux, Unix, and Windows operating systems
· Experience with mainframe and mid-range platforms is an advantage
· Understanding of security vulnerabilities in common operating systems, web applications and other applications, including knowledge of remediation procedures
· Able to work independently or in a team to create and optimize fraud detection rules
· Able to work under pressure in time critical situations
· Excellent written and verbal communication skills are required to articulate and visually present analysis results
· Ability to communicate effectively with business representatives, explaining analysis findings clearly and, where necessary, in layman's terms
· Ability to communicate with industry professionals to create solid partnerships with key external stakeholders to ensure that the analysis process remains at a world class level
High Security Access (HSA)
This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.
Preferred Product/Vendor Certifications:
· ArcSight - ESM Administrator, ESM Use Case Foundations, SmartConnector Foundations & Tool Kit, FlexConnector Configuration
· Splunk - Certified Architect
Preferred Industry Certifications:
· CISSP
· CISM
· CISA
· GIAC