Advisory Incident Response Consultant
We would like to speak with candidates interested in the position of Incident Response Consultant, leveraging RSA’s NetWitness product suite. The NetWitness product suite is a revolutionary network monitoring platform that provides enterprises a precise and actionable understanding of activity occurring on the network. It also includes a host monitoring tool that provides for host forensic visibility of all endpoints. NetWitness solutions are deployed in customer environments to solve a wide range of challenging information security problems including: insider threats, zero-day exploits and targeted malware, advanced persistent threats, fraud, espionage, data leakage, and continuous monitoring of security controls.
The IR consultant will predominantly assist with pre- and post-sale opportunities to help demonstrate advanced usage of the NetWitness product suite, while also providing an opportunity for knowledge transfer and enablement of clients and internal RSA staff. As opportunities arise, the IR consultant will also provide RSA customers with proactive and reactive analysis of the activities taking place on their networks. Through the capture and expert analysis of live network traffic utilizing the NetWitness platform, the Consultant will determine the overall state of the network and identify and report on all areas of concern. The IR Consultant will also perform research and develop techniques to identify and mitigate threats, staying abreast of all emerging threats and developing creative solutions to solve customer issues.
+ Assist with Pre/Post sale NetWitness opportunities
+ NetWitness subject matter expert
+ Mentor internal RSA staff members on advanced security techniques utilizing RSA toolsets
+ Conduct incident response engagements
+ Summarize and report findings to key stakeholders
+ Network Security Forensics Incident response subject matter expert
+ Project management
+ Mentor junior staff members
1. Required Skills and Experience:
+ Excellent written/verbal communication and interpersonal skills
+ Network Security Forensics Analysis Experience utilizing tools such as Wireshark, EnCase, FTK, NetWitness, or similar
+ Host Based Forensics Analysis Experience utilizing tools such as ECAT, EnCase, FTK, Mandiant, AccessData or similar
+ Prior Incident Response Security Experience
+ Network capture traffic analysis and forensics
+ Malware analysis / reverse engineering techniques and tools would be a plus
+ Ability to distill complex technical concepts into business terms that decision makers can use to quickly take action
+ Expert level knowledge of typical attack vectors and system penetration techniques
+ Advanced Linux/Windows skills
+ Familiar with NIST guidelines (800-61, 800-86)
+ Understanding of Network Protocols and security infrastructure (proxies, firewalls, email filtering technologies, and network intrusion detection systems)
1. Desired Skills: (Nice to have)
+ Experience with network capture and analysis products and advanced flex parser development
+ Any prior programming in one or more languages would be a plus (C#.NET or Java (J2EE))
+ Red Teaming
1. Experience and Education Qualifications:
+ 3 or more years in incident response role
+ BS/MS in Computer Science or equivalent experience
+ Certifications (GIAC, CEH, etc.)
+ Active security clearance is preferred, not required
+ Up to 60% national travel required with an occasional need for international travel.
When you choose our company, you join a diverse world of innovative thought leaders. At our core is a commitment to workplace diversity, the sustainability of our planet, and community corporate involvement. We offer highly competitive salaries, bonus programs, world-class benefits, and unparalleled growth and development opportunities, all to create a compelling and rewarding work environment.
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity and/or expression, national origin, protected veteran status, disability, genetics, or citizenship status (when otherwise legally authorized to work) and will not be discriminated against on the basis of such characteristics or any other status protected by the laws or regulations in the locations where we operate. We encourage applicants of all ages.
**Critical Hiring Criteria:**
Professional Services, Consulting
400 - SECURITY
VA - Glen Allen, VA - Herndon, VA - McLean, VA - Reston, WI - Madison, WI - Pewaukee, TN - Nashville, UT - Draper, UT - Ogden, UT - Park City, UT - Pleasant Grove, UT - Roy, UT - Salt Lake City, CA - Burbank, CA - El Segundo, CA - Irvine, CA - Pasadena, CA - Sunnyvale, CT - Fairfield, NJ - East Brunswick, NJ - Princeton, NJ - South Plainfield, NJ - Warren, NY - Melville, NY - New York, NY - Manhattan, NY - White Plains, WA - Bellevue, WA - Seattle, CA - Campbell, CA - Menlo Park, CA - Palo Alto, CA - Pleasanton, CA - San Francisco, CA - San Jose, CA - San Mateo, CA - Santa Clara