What are the responsibilities and job description for the ARCSight Administrator - Clearance Required position at Logistics Management Institute?
Overview
LMI is seeking an experienced ArcSight / Splunk Administrator to support a Program Office for a Government Client located in Virginia. Remote work is anticipated, with travel to various Client sites as needed.
At LMI, we're reimagining the path from insight to outcome at The New Speed of Possible™. Combining a legacy of over 60 years of federal expertise with our innovation ecosystem, we minimize time to value and accelerate mission success. We energize the brightest minds with emerging technologies to inspire creative solutioning and push the boundaries of capability. LMI advances the pace of progress, enabling our customers to thrive while adapting to evolving mission needs.
Responsibilities
Responsibilities include, but are not limited to, the following:
- Perform all major Administrator functions to operate and tune ArcSight for current systems and prepare for migration to Splunk SIEM
- Coordinate and manage future Splunk SIEM migration and implementation.
- Ensure interoperability between Splunk and new tool / sensor data feeds.
- Design and architect logging IAW (in accordance with) Army Cyber Technical Capabilities Requirements.
- Provide data analysis, log analysis, and logging solution details.
- Use the Splunk SIEM to monitor and analyze network performance and cybersecurity incidents, and produce reports that surface vulnerabilities, anomalies, and other issues.
- Develop monitoring and response rules, reports, dashboards, data monitors, active channels, trends, and use cases to identify threats and optimize data mining.
- Perform analysis of current configuration and proposed configurations to ensure compatibility within the overall system.
- Analyze threat information gathered from logs, Intrusion Detection Systems, intelligence reports, vendor sites, and a variety of other sources.
- Research, plan, install, configure, troubleshoot, maintain, and back up all components, first in ArcSight and, upon migration, in Splunk.
- Apply knowledge of SIEM tools expertise to conceptualize, design, and build secure technical solutions, including operationally viable and efficient applications, systems, architectures, and infrastructure.
- Direct the design and integration of cybersecurity toolsets to enable more automated discovery, remediation, and alerting of network and device vulnerabilities, improving the security posture while reducing manpower requirements.
- Troubleshoot and develop solutions for anomalies, both remotely and on site, for Splunk-based solutions.
- Experience with any or all of these technologies: Splunk, Qmulos, AMQP (RabbitMQ), Nessus, SQL Server, PostgreSQL, Red Hat Satellite, Nagios, McAfee ePO, Phantom, IPsec, PKI, ForeScout, Qualys, CA PAM / Xceedium, CyberArk, SailPoint
- Experience utilizing COTS products such as the following:
- Operating System: IBM AIX, Solaris OS, Red Hat Enterprise Linux, Microsoft Windows Server 2008 / 2016 and later
- Oracle: Oracle Application Server; Oracle Grid Infrastructure; Oracle Database; Oracle Clients; Oracle SQL Developer; WebLogic
- Data Loss Prevention: McAfee Agent; McAfee Host Intrusion Prevention; McAfee Policy Auditor; Policy Auditor Content Update; Policy Auditor Agent; SQL Server
- COTS: Internet Explorer; Adobe Acrobat Reader X; ActivClient CAC; ActivCard Gold for CAC-PKI; ForgeRock OpenAM Java EE Policy Agent; Tivoli Client; Veritas Volume Manager & NetBackup
- Experience assisting with Federal Government Certification and Accreditation (information assurance) following the Risk Management Framework (RMF) process.
- Responsible for making moderate to significant improvements of systems or products to enhance performance of programs and projects.
Qualifications