Deep understanding of ArcSight is essential
Experience of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO. Knowledge of Sourcefire/Snort.
A sound knowledge of IT security procedures, common attack types and detection/prevention methods.
Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours
In-depth experience of other common devices, such as routers, switches and hubs.
Good understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP)
Experienced with integrating existing IT infrastructures into the ArcSight SIEM / SOC solution from inception through to support
Understanding of various SOC standards and reporting requirements, e.g. GPG13
Experience implementing SOC reporting and governance
Experience with SOC automation and workflow products such as Archer GRC