Vacancy expired!
Job Description: RSA NetWitness Analyst (1 Vacancy)
THIS POSITION WILL ALLOW CONSULTANT TO WORK REMOTELY, HOWEVER, THEY MUST BE RELIABLY AVAILABLE TO VISIT DATACENTERS ACROSS NYC REGION AS NEEDED (AT THEIR OWN EXPENSE). The client is seeking a highly technical Security Architect/Administrator that will lead the deployment, configuration, administration, and content rule creation of RSA NetWitness. The Security Architect/Administrator will be responsible for all aspects of the product including, but not limited to, the successful configuration of the product to include visibility for all traffic (including perimeter traffic & east/west traffic), tuning and creation of standard security alerts, customized alerts , and log forwarding to a SIEM. In addition to being a product subject matter expert, the Architect/Administrator will correspond regularly with other security team members such as Security Monitoring and Threat Intelligence for product enhancements to keep up with dynamically evolving business/industry requirements. Responsibilities: Understand, collaborate, and solve technical/operational business requirements. Assess existing network architecture and provide recommendations for optimal visibility. Design a deployment plan that is highly resilient with failover, load balancing, and, is able to excel with given network/hardware limitations. Install hardware in a large and highly complex technical environment composed of several locations and network egress points. Troubleshoot and diagnose network configuration conflicts. Maintain and administer appliance post-deployment for patches, security content creation/engineering, and continuous refinement. Configure integration with existing security stack and design/develop playbooks for automation. Continuous collaboration with other security personnel (including training of how to use the product to its full potential) and communication with senior/executive management as needed. Skills Candidate should primarily have information with large scale architecture and network deployments. Candidate must also possess expert level skills with multiple programming languages and must demonstrate that they can reverse engineer malware code. The Candidate must be an expert in Cyber Security Incident Response processes. Must be proficient with UNIX, Windows, OSX, and Mobile Devices. Candidate should be comfortable with threat hunting across a variety of data sources including writing custom SIEM queries, EDR queries, and other technologies as required. The candidate must have experience ingesting and processing intelligence that aligns with MITRE Telecommunication&CK Framework including TTPs that align with MITRE Telecommunication&CK framework. Additional Skills and Information: Candidate should primarily have information with large scale architecture and network deployments. Candidate must also possess expert level skills with multiple programming languages and must demonstrate that they can reverse engineer malware code. The Candidate must be an expert in Cyber Security Incident Response processes. Must be proficient with UNIX, Windows, OSX, and Mobile Devices. Candidate must be proficient with the administration of Office365 and all its security features. Candidate should be comfortable with threat hunting across a variety of data sources including writing custom SIEM queries, EDR queries, and other technologies as required. The candidate must have experience ingesting and processing intelligence that aligns with MITRE Telecommunication&CK Framework including TTPs that align with MITRE Telecommunication&CK framework. #tech