Job Description :
Location: Concord, CA, 94518
Duration: 5 months
Required:
IBM QRadar SEIM Encase
Forensics analysis tool ProofPoint IDS / IPS Palo Alto Firewalls
Open source security tools such as Suricata, SANS SIFT workstation
Open source forensics tools –Volatility etc.
Security event and information management system
Log aggregation and event notification Network packet analysis (PCAP analysis)
Analyzing network packet for malicious / suspicious activity Wireshark experience and WCNA (a plus) - Open source network packet analysis tool
WCNA – wireshark certificate.
Endpoint forensics – Ability to perform full investigation / forensics of endpoint / end user machine as a result of a security alert.
Memory analysis – Ability to analyze physical memory collected from computer using open source or paid application
Good analytical skills – ability to analyze and think out of the box when working a security event Experience with IBM QRadar a plus – IBM QRadar is the SEIM client has deployed and is using.
Good knowledge of TCP / IP protocols, ability to differentiate various layers in networking.
Any GIAC certifications a plus.
These are SANS (industry well known security course provider) certs such as GMON, GSEC, GCIH etc.
Qualifications:
Bachelors in Computer Science, or related discipline, or equivalent experience Certified Information Systems Security Professional (CISSP) certification
Experience in Information Technology (IT),
6yrs Extensive experience in analyzing network packet capture data using tools such as Wireshark Experience performing computer forensics and memory analysis using industry standard and open source tools Desirable
Prior SEIM experience – Security event and information management system, log aggregation and event notification
Network packet analysis (PCAP analysis) – Analyzing network packet for malicious / suspicious activity Endpoint forensics – Ability to perform full investigation / forensics of endpoint / end user machine as a result of a security alert.
Responsibilities:
Acts as a subject matter expert in area of field. Leads moderately to complex projects which may be cross functional.
Analyzes complex malware/exploits through forensics, observation of network traffic and using other tools and resources to determine if client’s systems are vulnerable.
Leads development of framework for implementing tools and processes to improve quality and timeliness of reports.
Expert in area of field and applies extensive knowledge of concepts, principles, and practices.
Codes complex tasks that integrate systems, produce reports or provide output that can be leveraged by other team members or systems.
Performs proficient forensic analysis using security tools and monitoring systems to discover the source of anomalous security events.
Assists in performing basic research internally and externally.
Performs complex system administration tasks (e.g. customization, cross-tool integration) for security tools.
Develops a strategy to implement work in department