Our client is seeking a SIEM/RSA Content Developer in Roseland, NJ for a 6-month contract.
SIEM/RSA Content Developer
Content development – Providing actionable intelligence to the analysts who sit in the Critical Incident Response Center (CIRC).
Creating parsers, rules, suppressions, metrics and dashboards for the CIRC analysts. Creating suppressions within, or modifications of, the rules based on an understanding of the analysts' needs and issues.
Work closely and communicate with the analysts in the Incident Response Center, and understand what an analyst goes through on a daily basis.
Subject Matter Expert in incident response; must create the custom rule sets around the data and determine how to capture the resulting output.
Understanding of cyber-fraud and malware is a plus.
Creating parsers in RSA Security Analytics (SA) for logs, with a focus on logs more than packets.
Creating parsing rules, ESA rules, and packet Lua rules.
Creating correlation rules for logs in the Event Stream Analysis (ESA) appliance – rule language: Esper.
Create custom rule sets around the data and determine how to capture the resulting output.
Familiarity with SA for packets.
Working on service deliverables. SME in Incident Response.
RSA Archer – Must know how to use Archer (no code development or integration required).
Work streams start in Archer; service tickets are created in Archer.