WaveStrong, Inc

SIEM/RSA Content Developer

Job Locations US-NJ-Roseland
Posted Date 2 years ago (5/9/2016 7:44 PM)
# of Openings
Information Technology


Our client is seeking a SIEM/RSA Content Developer in Roseland, NJ for a 6-month contract.


SIEM/RSA Content Developer

  • Content development – Providing actionable intelligence to the analysts who sit in the Critical Incident Response Center (CIRC).
  • Creating parsers, rules, suppressions, metrics and dashboards for the CIRC analysts. Creating suppressions inside the rules, or modifying the rules, based on an understanding of the needs and issues of the analysts.
  • Work closely and communicate with the analysts in the Incident Response Center, and understand what an analyst goes through on a daily basis.
  • Subject Matter Expert in incident response; needs to create the custom rule sets around the data and define how to capture the resulting output.



  • Understanding of cyber-fraud and malware is a plus
  • Creating parsers in RSA Security Analytics (SA) for logs; the focus is on logs more so than packets.
  • Creating parsing rules, ESA rules, and packet Lua rules.
  • Creating correlation rules for logs in the Event Stream Analysis (ESA) appliance (language: Esper)
  • Create the custom rule sets around the data and define how to capture the resulting output
  • Familiarity with SA for packets
  • Working on service deliverables; SME in incident response.
  • RSA Archer – Must know how to use Archer (no development of code or integration required).
  • Work streams start in Archer; service tickets are created in Archer.
  • Linux experience
  • Scripting languages: Perl, Python, Shell

