Qualifications: Bachelor's in Computer Science or a related discipline, or equivalent experience
Certified Information Systems Security Professional (CISSP) certification
Experience in Information Technology (IT), 6 years
Extensive experience in analyzing network packet capture data using tools such as Wireshark
Experience performing computer forensics and memory analysis using industry standard and open source tools
The candidate should have SOC experience including Event Monitoring / Incident Response and some endpoint forensics experience.
SOC experience is a must.
Desirable – Prior experience working in a 24×7 security operations center
Responsibilities: Acts as a subject matter expert in their area of the field.
Leads moderately complex to complex projects, which may be cross-functional.
Analyzes complex malware/exploits through forensics, observation of network traffic and using other tools and resources to determine if Client’s systems are vulnerable.
Leads development of framework for implementing tools and processes to improve quality and timeliness of reports.
Expert in their area of the field who applies extensive knowledge of concepts, principles, and practices.
Codes complex tasks that integrate systems, produce reports or provide output that can be leveraged by other team members or systems.
Performs proficient forensic analysis using security tools and monitoring systems to discover the source of anomalous security events.
Assists in performing basic research internally and externally.
Performs complex system administration tasks (e.g. customization, cross-tool integration) for security tools.
Develops a strategy for implementing work in the department.
Our client manager is looking for good process documentation skills and experience.
NERC access is required for this position.
The candidate must have SOC experience including Event Monitoring / Incident Response and some endpoint forensics experience.
Not looking for a Security Engineering background, but more for someone who has a good understanding of traffic analysis (PCAP/Wireshark), incident response, and some endpoint/malware analysis experience.
Prior SIEM experience – security information and event management system, log aggregation, and event notification
Network packet analysis (PCAP analysis) – analyzing network packets for malicious / suspicious activity
Wireshark experience and WCNA (a plus) – Wireshark is an open source network packet analysis tool; WCNA is the Wireshark certification
Endpoint forensics – Ability to perform full investigation / forensics of endpoint / end user machine as a result of a security alert.
Memory analysis – ability to analyze physical memory collected from a computer using open source or commercial applications
Good analytical skills – ability to analyze and think out of the box when working a security event
Experience with IBM QRadar a plus – IBM QRadar is the SIEM our client has deployed and is using.
Good networking knowledge – good knowledge of TCP/IP protocols and the ability to differentiate the various networking layers.
Any GIAC certifications a plus – these are SANS (a well-known industry security course provider) certifications such as GMON, GSEC, GCIH, etc.