WaveStrong, Inc

  • SIEM/RSA Content Developer

    Job Locations: US-NJ-Roseland
    Posted Date: 2 years ago (5/9/2016 7:44 PM)
    ID: 2016-1015
    # of Openings: 1
    Category: Information Technology
  • Overview

    Our client is seeking a SIEM/RSA Content Developer in Roseland, NJ for a 6-month contract.

    Responsibilities

    SIEM/RSA Content Developer

    • Content development: providing actionable intelligence to the analysts who sit in the Critical Incident Response Center (CIRC).
    • Creating parsers, rules, suppressions, metrics and dashboards for the CIRC analysts. Creating suppressions within the rules, or modifying the rules, based on an understanding of the analysts' needs and issues.
    • Work closely and communicate with the analysts in the Incident Response Center, and understand what an analyst goes through on a daily basis.
    • Subject Matter Expert in incident response; needs to create custom rule sets around the data and determine how to capture the resulting output.

    Role:

    • Understanding of cyber-fraud and malware is a plus
    • Creating parsers in RSA Security Analytics (SA) for logs; the focus is on logs more so than packets.
    • Creating parsing rules, ESA rules, and packet Lua rules.
    • Creating correlation rules for logs in the Event Stream Analysis (ESA) appliance (language: Esper).
    • Create the custom rule sets around the data and how to capture the resulting output
    • Familiarity with SA for packets
    • Working on service deliverables; SME in incident response.
    • RSA Archer: must know how to use Archer (no development of code or integration required).
    • Work streams start in Archer; service tickets are created in Archer.
    • Linux experience
    • Scripting languages: Perl, Python, Shell
