Archer Splunk Integration Specialist
Ref No.: 18-00697
Location: Hennepin County, Minnesota
Title: Archer Splunk Integration Specialist
Client: Hennepin County IT Enterprise Architecture   
Location: Hennepin County, MN
Interview Type: In-Person
Rate: Not to exceed $50,000
Duration: 6 Months
Anticipated Start Date: March 19, 2018
Scope of services/description of work to be performed
Minimum Qualifications
· Current knowledge of the RSA Archer V6.2 Platform within the last 2 years. Prior implementation experience integrating RSA Archer v6.2 SecOps with Splunk, with the outcome being the creation of incident tickets within the RSA Archer platform. Prior experience with RSA Archer use cases for SecOps, Incident Management & PCI Management.
Additional submission requirements/instructions to proposers:
· Please include applicable RSA Archer training & certifications for candidates
Description of work to be performed
Assist with integration between RSA Archer V6.2 SecOps and Splunk V6.5.3.1, utilizing the Splunk App for CEF, resulting in the creation of incident tickets in RSA Archer. Assist with the configuration of the Archer RSA SecOps, Incident Management & PCI use cases. This includes the following tasks:
  1. Configuration of the Archer RSA Unified Connector Framework (UCF) & RSA Archer SecOps. These activities include:
    • These activities will first be conducted in Hennepin County's non-production environment. The specialist will then assist Hennepin County personnel in performing the necessary steps to deploy all changes into Hennepin County's production environment, following standard change request processes.
    • Assisting with configuring the data models/datasets needed within Splunk app for CEF for the Archer RSA Unified Connector Framework (UCF)
    • Configuring SIEM syslog and Archer Enterprise Management endpoints to pull and push data to and from SecOps
    • Configuring transport (TLS/SSL) with the Archer GRC Platform.
    • Configuring transport (TLS/SSL) with the alert source.
  1. Assisting customer Subject Matter Expert with Splunk Enterprise integration
    • Download and installation of SecOps Splunk integration files
    • Configuration of Splunk Enterprise integration via Splunk App for CEF
    • Configuration of syslog output action
    • Assist in configuration of two (2) CEF templates to send alerts to UCF
    • Assist in configuration of out-of-the-box alert templates with output actions
    • Assist in configuration of alerts to schedule rules to run continuously
    • Configuration of up to two (2) custom alert fields to be consumed by the UCF from Splunk.
  1. Validation and Knowledge Transfer. Validation and knowledge transfer of the solution will include:
  • Conducting a Functional Overview to familiarize Hennepin County with the implemented solution, demonstrating the normal operations as installed in Hennepin County's environment. This overview will:
    • Demonstrate that alerts are visible in Archer
    • Demonstrate search capabilities for analysis in Archer
    • Reviewing the "Out of the Box" reports, dashboards and key metrics
    • Reviewing the Response Procedure Library for the configured use cases
  1. Assist with configuration and Knowledge Transfer of the basics of the "Out of the Box" use cases for:
    • RSA Archer Regulatory Compliance Module:
      • Implement exception processing
      • Ability to customize, if needed, the workflow processing for handling exceptions.
      • Assist with the importing and comparison of customized internal policies and standards vs. the standard OOB ones.
    • RSA Archer SecOps
    • RSA Archer Incident management
    • RSA Archer PCI Management