Description
Candidate will support a Security Information Event Monitoring (SIEM) project.
Responsibilities:
Ensure effectiveness of logging and reporting eg logical network devices, Firewall, IDS, WinTel/UNIX platforms, web and internal application logs etc.
Assist project teams for customized reporting work, correlation rule and alert creation based on the various information security requirements by RSA enVision.
Implement security use cases in the RSA enVision platform
Perform day-to-day operational management of multiple RSA enVision SIEM systems.
Maintain issue logs, track/follow up on problems with RSA. Perform quality assurance testing of patches and updates before installing to production environment.
Required:
Good understanding of Information Security and basic concepts of Firewall, IDS, ACL etc. preventive vs. detective controls.
Extensive knowledge in the field of event logging and reporting.
Experience with security, performance or availability monitoring tools
Solid understanding of event driven systems
Prior knowledge of RSA enVision is a big plus
Scripting knowledge of PERL or VB is a plus
Candidate will have 5+ years IT experience performing security assessments of both internally developed and hosted systems, as well as third party vendor hosted and supported systems.
Excellent communication (oral, written, presentation), interpersonal and consultative skills.