WaveStrong, Inc

SIEM/RSA Content Developer

US-NJ-Roseland
2 years ago
ID: 2016-1015
# of Openings: 1
Category: Information Technology

Overview

Our client is seeking a SIEM/RSA Content Developer in Roseland, NJ for a 6-month contract.

Responsibilities

SIEM/RSA Content Developer

  • Content development – Providing actionable intelligence to the analysts who sit in the Critical Incident Response Center (CIRC).
  • Creating parsers, rules, suppressions, metrics and dashboards for the CIRC analysts. Creating suppressions inside the rules, or modifying the rules, based on an understanding of the analysts' needs and issues.
  • Work closely and communicate with the analysts in the Incident Response Center, and understand what an analyst goes through on a daily basis.
  • Subject Matter Expert in incident response; needs to create the custom rule sets around the data and determine how to capture the resulting output.


Role:

  • Understanding of cyber-fraud and malware is a plus
  • Creating parsers in RSA Security Analytics (SA) for logs; the focus is on logs more so than packets.
  • Creating parsing rules, ESA rules, and packet Lua rules.
  • Creating correlation rules for logs in the Event Stream Analysis (ESA) appliance (language: Esper)
  • Create the custom rule sets around the data and how to capture the resulting output
  • Familiarity with SA for packets
  • Working on service deliverables. SME in incident response
  • RSA Archer – Must know how to use Archer (no development of code or integration required).
  • Work streams start in Archer; service tickets are created in Archer.
  • Linux experience
  • Scripting languages: Perl, Python, Shell
