L3 Security Specialist (Brussels)
Your role:

Context of the mission

The Security Monitoring Centre is responsible for monitoring security alerts that represent potential group-wide threats. These alerts are generated by an additional level of correlation of alerts produced by SIEM solutions catering to individual business areas.

As a Level 3 Security Specialist you will be responsible for supporting the Security Monitoring Centre (SMC) by sustaining the core SMC infrastructure on a day-to-day basis. In addition, you may also be involved in providing expert assistance for in-depth analysis of security alerts generated by correlating logs from multiple technologies. You will contribute to providing enhanced visibility into the security posture of the Group's IT infrastructure.

As a Level 3 Security Specialist you will be responsible for mentoring Level-1 and Level-2 security analysts in order to identify, analyze, and respond to attacks and abuse within the IT environment.

Function:
- Complete operational responsibility for the ArcSight Event Correlation System. Includes ArcSight ESM, Oracle Database, Connector Interfaces, Logger Appliances, Windows and Linux servers, Network Appliance Storage, and Backups;
- Responsibility for complete life-cycle management with event source system administrators/owners, including coordination and planning for system upgrades, new systems, as well as maintaining current operational event flows. Provide optimization of connector interfaces, aggregation, and data normalization;
- Architect and develop custom Flex Connector as required to meet Use Case objectives;
- Apply Configuration Management disciplines to maintain hardware/software revisions, ArcSight Content (default and custom), security patches/hardening, and documentation;
- Develop & manage Use Case and Content. Provide guidance for Use Case/Content development to security analyst & network engineering staff. Analyze requirements of engineering, operations and security staff and develop Use Cases/Content (Dashboards, Data Monitors, Reports, Rules, Filters, Trends, Active Lists, etc.) to improve efficiency and effectiveness in each discipline;
- Manage/coordinate relationships, projects, and open issues with ArcSight Support, Professional Services staff, and the L-3 Enterprise WAN team;
- Mentor, lead, and train security analysts;
- Lead the effort and work towards improving the existing processes and procedures required for security monitoring operations;
- Tactical direction to other security analysts;
- Support on-boarding of new sites;
- Support architecture changes required to support evolving business needs and threat profile, e.g. establishment and integration of a regional-level SIEM solution for integrating new small sites.

Your profile:

Education
- Master degree or equivalent

Personal skills
Mandatory:
- Strong logical and analytical skills to help define new use cases, statistical correlation rules and analytical monitoring functions;
- Strong troubleshooting skills (complex network and security problem resolution);
- Passion and drive to work in a start-up division with potential for significant growth in scope and services;
- You are highly disciplined and motivated, able to work independently, under direction, or as a member of a team.

Business experience required
Mandatory:
- 7+ years of experience within the IT security domain
Preferable:
- Prior experience of working in a process-oriented organisation;

Technical experience required
Mandatory:
- 3 years of experience with ArcSight ESM and associated Oracle database systems and storage technologies
- AEIA & AESA Certification;
- CISSP Certification;
- CEH Certification;
- CCNA Certification;
- MCSE or Solaris / HP Unix or Linux Administration (e.g. RHCE) Certification;
- ITIL Foundation Certification;
Preferable:
- Engineering experience with ArcSight ESM 4.0+ (deployment and administration) is a plus;
- Experience with security device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.)
- CISM Certification;
- CISA Certification;
- SANS GSAC
- Security product certification like CCSA/SE (Check Point Certified Security Administrator/Engineer);
- SANS GIAC Certified Incident Handler or equivalent;

Language requirement
Good verbal and written communication in English; fluent spoken French.