Job Description:
The MTA is seeking a highly technical Security Architect/Administrator that will lead the deployment, configuration, administration, and content rule creation of RSA NetWitness. The Security Architect/Administrator will be responsible for all aspects of the product including, but not limited to, the successful configuration of the product to include visibility for all traffic (including perimeter traffic & east/west traffic), tuning and creation of standard security alerts, customized alerts for the MTA, and log forwarding to a SIEM. In addition to being a product subject matter expert, the Architect/Administrator will correspond regularly with other security team members such as Security Monitoring and Threat Intelligence for product enhancements to keep up with dynamically evolving business/industry requirements.
Responsibilities:
· Understand, collaborate, and solve technical/operational business requirements.
· Assess existing network architecture and provide recommendations for optimal visibility.
· Design a deployment plan that is highly resilient, with failover and load balancing, and is able to excel within the given network/hardware limitations.
· Install hardware in a large and highly complex technical environment composed of several locations and network egress points.
· Troubleshoot and diagnose network configuration conflicts.
· Maintain and administer appliance post-deployment for patches, security content creation/engineering, and continuous refinement.
· Configure integration with existing security stack and design/develop playbooks for automation.
· Collaborate continuously with other MTA security personnel (including training them on how to use the product to its full potential) and communicate with senior/executive management as needed.
Mandatory Skills:
· 6+ years’ experience in Information Security.
· Candidate should primarily have experience with large-scale architecture and network deployments.
· Candidate must also possess expert level skills with multiple programming languages and must demonstrate that they can reverse engineer malware code.
· The Candidate must be an expert in Cyber Security Incident Response processes.
· Must be proficient with UNIX, Windows, OSX, and Mobile Devices.
· Candidate must be proficient with the administration of Office365 and all its security features.
· Candidate should be comfortable with threat hunting across a variety of data sources including writing custom SIEM queries, EDR queries, and other technologies as required.
· The candidate must have experience ingesting and processing threat intelligence, including TTPs, that aligns with the MITRE ATT&CK framework.