TEKsystems is hiring: Network Security Administrator in Phoenix
TEKsystems, Phoenix, AZ, US
Job Description
Top Skills' Details
Security Content Development
Data exfiltration experience
Close Security gaps
Firewalls, tools based, set up configurations
Linux/Unix
RegEx
Secondary Skills - Nice to Haves
Senior: Skills equivalent to 6-10 years in a comparable position. The Network Security Tools - Admin Content Developer designs, builds, and manages/maintains the security tools' incoming data feeds, tuners, and use case development tasks, documentation and the process. They design the output of data that fits the use case they are developing, configuring it for output to Splunk or other technologies. They will design, implement, monitor and maintain in-tool alerting. They will configure data within the Network Security Tools for output and integration with other technologies. Requires strong verbal and written communication skills in order to effectively communicate with Sr. Management and the Threat Management & Monitoring business units. Must have network data tuning and data management experience in network security tools (not only in the SIEM). Must have exceptional collaboration and analytics skills. Experience with at least one of the following types of network security tools is required: IDS, Full Packet Capture, Enhanced Netflow Analytics. Experience integrating data into Splunk or a similar/related technology is required. Strong verbal and written communication skills are required.
Additional Skills & Qualifications
Required Experience (Screening Questions MUST be attached with the resume):
Direct experience performing the Tools Admin Content Developer role within Stealthwatch and Suricata, or related technology. The Network Tools Admin Content Developer designs, builds, and runs the security tools' data feeds, tuners, use cases and output of the data, configuring it for output to Splunk or a similar/related technology.

Engineering and Operational Services:
• Maintains host groups based on asset management data
• Performs data feed tuning
• Builds relationship policies
• Builds maps/network diagrams (logical and physical)
• Integrates Schwab-specific use cases
• Implements and maintains rules and content
• Internal use case evaluation, configuration and POC with the SIEM and Threat Intelligence teams
• Assists with development of custom rules and content
• StealthWatch alerting and live feeds, custom rules and alerts, Syslog templates
• StealthWatch, NetWitness, or similar API integration

Preferred Technology Experience:
* Unix/Linux OS and command line
* RegEx development
* LUA scripting experience
* Cisco Stealthwatch
* Suricata
* RSA Netwitness
* RSA Event Stream Analysis
* RSA Malware

This position requires the following shift schedule: M - F 8:00 am - 5 pm (MST/AZ Time). Some after-hours work may be expected.

Desired (nice to have) Experience: Engineering and operational services for rule tuning, data configuration and content tuning in Suricata, RSA Event Stream Analysis (ESA) and RSA Malware Analysis.
• Creates custom rules and content
• RSA Event Stream Analysis (ESA) alerting and live rules, custom ESA rules, Syslog templates
• RSA Malware Capability & Configuration
• Scoring module config
• IOC threshold tuning
• Whitelisting
• Syslog templates
• RSA Event Stream Analysis Appliance Tuning
• Analysis and Troubleshooting using Wireshark, tcpdump, or similar utilities

Screening Questions (updated 2/3/2021):
1. As part of the job, you will build and maintain network monitoring to