Description
URGENTLY in search for an Intrusion detection system (IDS) expert.
1 Year rolling contract.
For every process concerned, the services to be provided will cover:
- as formal inputs, injection of improvements in the defined procedures based on Contractor reference operational experience and best practices in the field,
- and as formal output, regular (formally monthly) documentation of all tasks performed and specific technical analysis reports.
- Specialized consultant who will provide such service as SOC second line (first line being the Incident Handling Team), will work under the supervision of the Team (respectively IDS and Vulnerability Management Team leaders).
Management of the IDS Infrastructure
- apply corrections to the current design in order to ease the maintenance and deployment
- implement and maintain monitoring of the infrastructure in order to have up and running system
- monitor the IDS infrastructure and apply corrections as required
- deploy additional sensors following the development of the network or according to additional needs
- ensure necessary updates are deployed (system, rules, )
- implement and maintain IDS in test environment
- produce and maintain accurate and up-to-date technical documentation, including processes and procedures (so called playbook) related to the IDS technical capabilities
Management of the IDS rules ref. rules sources (open sources + source acquired
- ensure rule sources are optimal (extend or reduce as required)
- monitor rules parsing to avoid alerts flood due to wrong rule
- implement rules checking capacity in the test environment
Management of alerts
- continuous monitoring of alerts
- maintain the ratio of true alerts at the optimal level
Management of the Full Packet Capture (FPC) Infrastructure
- apply corrections to the current design in order to ease the maintenance and deployment
- implement and maintain monitoring of the FPC infrastructure in order to have up and running system
- monitor the FPC infrastructure and apply corrections as required
- deploy additional network traffic capture components following the development of the network or according to additional needs
- ensure necessary updates are deployed (system, rules, )
- produce and maintain accurate and up-to-date technical documentation, including processes and procedures (so called playbook) related to the FPC technical capabilities
Coordination between IDS and Incident Response Teams
Deliverables (subject to Contractor quality review):
- monthly activity reports summarizing all tasks performed and detailing monthly improvements
- specific IDS rules definition and implementation
- specific detailed technical IDS management analysis reports.
All candidates should be SC Cleared OR Have previous security clearance (Within Europe)
For immediate consideration please send your CV (see below)