Arcsight Content Engineer

Slough, Berkshire
07 Feb 2017
07 Mar 2017
Clearance Level
DBS, DV, None / Undisclosed, SC
Job Type

Telefonica is on a truly inspirational adventure. As one of the world’s most innovative communication companies and the name behind flagship brands such as O2, we’re thinking bigger than ever before. We’re taking on new challenges around the world and exploring new ways to open up the world for our millions of customers. And you could be part of it all.

About the Team:

Have you heard of Smart Metering? We are currently involved in an exciting Government led Programme known as ‘SMIP’.  SMIP stands for the ‘Smart Metering Implementation Programme’ and its focus is on providing consumers with an easy and effective way of monitoring and managing their energy use in the home by using only a sim card.  We’re now on the look-out for an Arcsight Content Engineer to join this new team and make a difference.

The primary function of the role is to be the leading authority on ArcSight Content, but there is also a requirement to support to the IDS/IPS Engineer. This will include:

  • Create and Maintain the SIEM Content in line with business and infrastructure requirements
  • Tuning as appropriate in line with business and infrastructure requirements
  • Working with the business to plan and on-board new applications without negatively impacting the business
  • Custom development of Connectors (Agents) using ArcSight FlexConnector
  • Assist identification of misparsed events and help ensure events are parsed correctly
  • Manage IDPS solutions, with knowledge about policies, rules, tuning and incident analysis
  • Assist Investigating and managing Security Incidents that have been escalated from the SOC, to establish the extent of the issue, the business impacts and advise on the most suitable course of action to contain and remediate the situation
  • Assist analyse of system logs and event information and perform detailed analysis during investigations, have the ability to spot abnormal behaviour and patterns
  • Act as a mentor for other Security Engineers and as an escalation point for any issue or investigation involving ArcSight or IDPS
  • Assist with problem resolution including root cause analysis of system and application incidents as raised by Service management, CERT or other authorized personnel
  • Technical support to the SOC Incident Response Platform (Resilient System)
  • Production of meaningful KPI stats for inclusion in monthly reporting and the creation and distribution of security reports
  • Part of a Team that is responsible for providing 24x7x365 on-call cover for critical security events
  • Use ArcSight logs along with other correlated data from the SIEM to aid investigations and provide additional visibility or insight into attacks
  • Being primary resource for on-boarding new ArcSight infrastructure into the Security Operations unit
  • Create, Review, resolve and subsequently close service requests/tickets and complete change requests
  • Report KPI’s including availability, capacity, and volumetrics

The ideal candidate will have experience across:

  • Incident Response, Intrusion methods, Attack Monitoring, Networks, Threat and Vulnerability Management, Intrusion Methods
  • ArcSight solutions and how to administer, configure, create Flex, tune and investigate security events derived from them
  • Vulnerabilities, IT Security and Network Threats, with a working knowledge of vulnerability assessment tools
  • IDPS solutions, with knowledge about policies, rules, tuning and incident analysis
  • A range of IT security standards including ISO 27001, PCI-DSS, SOX, DPA, FIPS and NIST

Essential Experience:

Security engineering experience in mid-sized to large organizations, with emphasis on:

  1. Security operations
  2. Incident management
  3. Intrusion detection
  4. Firewall deployment
  5. Security event analysis


  • ArcSight Content, Enhancement, and Tuning
  • Good understanding of Unix/Linux/Windows Operating systems
  • Knowledge and understanding of Penetration testing
  • Knowledge and understanding of Database security monitoring (MS SQL, Oracle, MySQL)

Essential Qualifications:

  • Graduate or post graduate degree in a computing / security related subject
  • Certified or looking to work towards security qualifications (e.g. CISSP, CISM / CISA, CCP)


  • ArcSight - ESM Administrator, ESM Use Case Foundations, SmartConnector Foundations & Tool Kit, FlexConnector Configuration
  • Highly desirable experience of ArcSight, Tripwire IDS/IPS, IP360, Qualys, Safenet Luna HSM, Splunk

Additional Information:

Grade: PTG

Location: Northampton or Slough

*Flexible with location- could be based in Slough or Northampton*

Salary and benefits:

We are looking to pay a competitive salary + on call allowance for this position, and in addition we have some great benefits such as a company car, bonus, life cover, health care, holiday entitlement and lots of flexible benefits too.

Telefonica’s commitment to a great work-life balance allows us to consider flexible approaches to working.  Like to know more? Feel free to raise it.

Joining Telefonica means opening up a world of freedom, support and possibility. A fascinating world where you’ll be able to think bigger, be bolder and try new things. And where there are endless opportunities to develop your career.

There’s so much to discover. Your adventure starts here.



Similar jobs

Similar jobs