Description
Cisco Cyber Security Engineer (NIPS/FPC) - Mons, Belgium - Contract - 12 months plus - Excellent rate
My client is looking to recruit Cyber Security Engineers with specialist skills in Network Intrusion Detection/Prevention Systems (NIPS) and/or Full Packet Capture (FPC) systems. The specialists will be working in Mons, Belgium. The position requires demonstrable experience in a similar role, preferably in a secure environment such as MOD, government or NATO.
Current Security clearance: NATO Secret/SC Cleared is essential
Requirements
A motivated, self-managed individual who is willing to help design and adapt a constantly evolving service, who can demonstrate above-average analytical skills and who can liaise professionally with peers and client stakeholders, even under pressure.
- Cisco FireSIGHT - experience with:
- Cisco FMS in large environments using Cisco 8000 series hardware sensors and virtual appliances
- Snort rule writing; rule and preprocessor tuning; rule and preprocessor performance testing and verification
- Cisco FMS report generation, log and rule correlation
- Cisco FMS and 8000 series sensor troubleshooting, including performance enhancements
- System upgrades and security updates on live systems
- 8000 series stacked/clustered sensors
- RSA Security Analytics - experience with:
- Security Analytics packet capture, version 10.x
- Packet Decoders, Concentrators, Hybrids, Brokers and SA Servers
- Updating/creating meta keys/meta tags, configuring Live feeds, and configuring and updating Lua parsers
- Application protocols (HTTP, DNS, FTP, etc.) and network protocols (TCP, UDP, IP, ARP, etc.) over IPv4 and IPv6
- Network packet analysis and the tools used for it, such as protocol analysers
- Software engineering, including programming and/or scripting knowledge: Python, Perl, Linux shell scripting
- Sound knowledge of IT security best practice, common attack types and detection/prevention methods
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviour
- Experience of maintaining a secure enterprise network by configuring and managing typical security enforcing devices, such as firewalls, proxies, IDS/IPS devices and HIDS/ePO; knowledge of Sourcefire/Snort
- In-depth experience of other common network devices, such as routers, switches and hubs
- Capable of communicating clearly with team members and other analysts; able to demonstrate reading, writing and spoken English to at least IS level III (B1 on the Council of Europe/Association of Language Testers in Europe scale)
- Experience of integrating existing IT infrastructures into a SIEM/SOC solution, from inception through to support
- Understanding of SOC standards and reporting requirements, e.g. GPG13
- Experience of implementing SOC reporting and governance
- Experience with SOC automation and workflow products such as Archer GRC
Knowledge or experience of the following would be desirable:
- Exposure to IT service management best practices such as ITIL
- Experience of using and administering SIEM and Log Management tools such as ArcSight ESM and ArcSight Logger
- Solid understanding of information security practices relating to the confidentiality, integrity and availability of information (the CIA triad)