Principal SIEM Engineer (ArcSight & Splunk)
Capgemini, Washington, DC, United States
A global leader in consulting, technology services and digital transformation, we offer an array of integrated services combining technology with deep sector expertise.
Capgemini Government Solutions (CGS) LLC seeks a highly motivated SIEM engineer with experience managing both ArcSight and Splunk. The ArcSight/Splunk Engineer will be responsible for configuring the collection, parsing, correlation, and visualization of events for a critical operational system. The individual will lead efforts to configure the systems that support analysts and end users. The successful candidate will support the collection and extraction of data used to refine existing and new reports, analytics, and dashboards.
As a Principal SIEM Engineer (ArcSight & Splunk), you will be:
- Responsible for design, implementation and support of ArcSight or Splunk core components, including ESM, Loggers, SmartConnectors, Indexers, Forwarders, Search Heads, and Cluster Managers.
- Responsible for configuration and administration of ArcSight or Splunk ingestion and forwarding for new and existing applications and data.
- Responsible for troubleshooting ArcSight or Splunk dataflow issues between the various event flow components.
- Responsible for configuring and deploying data collection for a variety of operating systems and networking platforms.
- Responsible for creating Dashboards and Analytics within SIEM tools.
- Working with monitoring systems supporting auditing, incident response, and system health.
- Responsible for understanding networking components and devices, ports, protocols, and basic networking troubleshooting steps.
Required Qualifications:
- US citizenship is required.
- Ability to obtain a TS/SCI clearance.
- Bachelor's degree in information technology, Computer Science, Information Systems, or related field.
- A minimum of 8 years of related cybersecurity experience.
- A minimum of 4 years of experience with either ArcSight or Splunk.
- Experience in design, implementation, and support of ArcSight or Splunk core components.
- Experience with configuration and administration of ArcSight or Splunk ingestion and forwarding.
- Experience with troubleshooting ArcSight or Splunk dataflow issues.
- Experience configuring and deploying data collection for various operating systems and networking platforms.
- Experience creating Dashboards and Analytics within SIEM tools.
- Experience working with monitoring systems supporting auditing, incident response, and system health.
- Understanding of networking components and devices, ports, protocols, and basic networking troubleshooting steps.
- The ability to troubleshoot issues with log feeds, search time, and field extractions.
Desired Skills:
- Network Security Operations Center (SOC) experience.
- Experience and talent in data correlation.
- GIAC Certified Incident Handler Certification.
- Cybersecurity certifications.
- Formal SIEM training.
Disclaimer
Capgemini is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity/expression, age, religion, disability, sexual orientation, genetics, veteran status, marital status or any other characteristic protected by law.