ArcSight Engineer

The Allstate Corporation is the largest publicly held personal lines property and casualty insurer in America, serving more than 16 million households nationwide. Founded in 1931, Allstate has been dedicated to protecting our customers from life's uncertainties and preparing them for the future for more than 80 years.

* Create, optimize, and continuously evaluate security monitoring content within the SIEM platform (Arcsight) * Work with other team members and SOC analysts to develop and document security monitoring Use Cases, including: * Objectives * Identification of required log sources * Logic used for monitoring and alerting * Design of Arcsight monitors, including Dashboard, Data Monitors, and Active Channels * Response procedures * Identify, evaluate, and acquire (if necessary) different log sources for Use Case development.The candidate will work with various different system owners/engineers to understand system functionality and logging capabilities.Some examples include F5 LTM/GSLB, Cisco Netflow, DNS, Windows, Linux, ISAM, IDS/IPS, firewalls, McAfee HIPS/AV, File Integrity Monitoring, IIS, IHS, Tibco BW/EMS, Layer7 WS Gateway, Qualys, WAF, etc. * Perform analysis on logs, traffic, and other activities to create baseline.

* Strong knowledge of networking fundamentals * Strong knowledge of systems knowledge, such as Linux, Windows, ISAM, proxy servers, etc * Strong knowledge of network/security devices such as firewalls, routers/switches, web application firewalls, IDS/IPS, etc * Experience with protocol analyzers (i.e. Wireshark) * Experience with any SIEM or log aggregation tools is a plus * Experience with scripting is a plus * Good written and communication skills * Ability to read and comprehend system manuals and protocol specifications