Background and experience:
- Advanced knowledge and understanding of network protocols and devices.
- Highly proficient in intrusion analysis and incident response.
- Advanced experience with macOS, Windows, and Unix systems.
- Demonstrable problem solving, analytical skills and attention to detail.
- Strong verbal and written communication skills.
- Ability to handle high-pressure situations in a productive and professional manner.
- Document and conform to processes related to security monitoring.
- Provide incident investigation, handling, and response to include incident documentation.
- Conduct computer evidence seizure, computer forensic analysis, and data recovery.
- Strong time management skills with the ability to multitask.
- Packet and log analysis.
- Ability to work a flexible work schedule, including weekends.
- Provide training and mentorship to lower-level security analysts.
- Provide tuning recommendations for security tools to tool administrators.
- Understanding and/or experience with one or more of the following programming languages: .NET, PHP, Perl, Python, Java, Ruby, C, C++.
- General knowledge of and hands-on experience with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices, and threat modeling.
Advanced knowledge of the following:
- Packet Analysis
- SSL/TLS Decryption
- Malware Detection
- Network Monitoring Tools
- Case Management System
- Knowledge Base
- Web Security Gateway
- Email Security
- Data Loss Prevention
- Network Access Control
- Vulnerability Identification
Required experience and education:
- Bachelor’s degree in Computer Science or equivalent combination of education and experience required.
- 3+ years of experience in a security operations center (SOC) environment required.
- GCIA, GCIH, GCFE, CISSP, Security+, Network+, CEH, RHCA, RHCE, MSA, MCP, or MCSE preferred.
- Experience with a SIEM (e.g. ArcSight, QRadar), Sourcefire, FireEye, Snort, or an equivalent tool required.
- 3+ years of experience reviewing raw log files and performing data correlation and analysis (e.g. system logs, NetFlow, firewall, IDS) required.
- Experience creating Snort signatures preferred.