Cyber Security FPC Engineer
Our client - a multinational high-tech business providing solutions to the defence, aerospace and security industries - is looking for a Cyber Security FPC Engineer with specialist skills in Full Packet Capture (FPC) systems to support and maintain these security technologies within the deployment of a complex cyber implementation. The position requires demonstrable experience in a similar role, preferably in a secure environment such as MOD, GOV or NATO.
· Deep configuration and administration of a range of cyber defence specialist tools, primarily focussed on Full Packet Capture (FPC).
· Investigate security events to establish if these are expected tool behaviours, events or a security threat.
· Maintain keen understanding of evolving Internet threats to ensure the security of the networks and assets.
· Write technical articles for internal knowledge base, Whitepapers based upon system integration, functionality upgrades and service improvements.
· Participate in knowledge sharing with other analysts and develop solutions efficiently.
· RSA Security Analytics
· Experience with Security Analytics Packet Capture in version 10.x
· Experience with Packet Decoders, Concentrators, Hybrids, Brokers and SA Servers
· Experience of updating / creating meta keys / metatags, configuring live feeds and configuring and updating LUA Parsers.
· Excellent understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, IP, ARP, etc.), including both IPv4 and IPv6.
· Demonstrable experience of network packet analysis and the tools used for it, such as protocol analysers.
· Experience of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO. Knowledge of Sourcefire/Snort.
· In-depth experience of other common network devices, such as routers, switches and hubs.
· Experienced with integrating existing IT infrastructures into a SIEM / SOC solution from inception through to support
· Understanding of various SOC standards and reporting requirements, e.g. GPG13.
· Experience implementing SOC reporting and governance
· Experience with SOC automation and workflow products such as Archer GRC