Company Job Description: NetWitness Senior Consultant

As one of the most established cybersecurity companies in the world, we at NetWitness are hard at work every day helping our customers and partners better protect their organizations from cyberattacks. Our products and incident response services are used within most large enterprises, governments and militaries for incident response and threat hunting. Our Sales Professionals, Sales Engineers and Professional Services Consultants design and deliver solutions for potential and existing customers to enable better visibility, insight and action to prevent and defend against attacks. NetWitness provides the unique ability to provide one single platform with a unified view across all attack surfaces including Network, LogsSIEM, Endpoint and IoT combined with our AI-based User and Entity Behavioral Analysis (UEBA) and Security, Orchestration, Automation & Response (SOAR) capabilities.

The Senior Consultant Leverages in-depth industry knowledge of the business environment and various technical solutions to assist the customer to gain market share and increase operational efficiencies. Provides technical and consultative leadership for Consulting technical solutions opportunities on a range of complex engagements, focused on an industry or service offering. Requires an in-depth understanding of an organization’s business, industry requirements and systems. Focuses on understanding the customer’s strategic, organizational and business challenges and offers solutions as they relate to the future business environment and operational objectives.

Principal Accountabilities:

Work with customers to better enable their ability to hunt for and detect threats

Track threat actors and associated tactics, techniques, and procedures (TTPs)

Hunt for and identify threat actor groups and their techniques, tools, and processes

Provide input on cybersecurity best practices, especially as pertains to threat intel, threat hunting, and using/incorporating Network (NDR), Endpoint (EDR), and Log (SIEM) analysis.

Develop detection content and use cases within the NetWitness product for Network full packet capture, EDR, SOAR, and SIEM

Develop advanced queries and alerts to detect adversary actions

Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.

Assess customer gaps in visibility and provide next-step recommendations

Assist customers to increase visibility and detection capability, working in synergy with incident response team members and providing expert advice about how to investigate potential attacks

Support with pre and post-sale opportunities to help demonstrate advanced usage of the NetWitness product suite and Threat Hunting techniques

Support internal teams for cross-training, collaboration, innovation, and subject matter expertise Perform research and develop techniques to identify and mitigate threats, staying abreast of emerging threats and developing creative solutions to solve customer issues

Deploy NetWitness into security-conscious environments and tune it appropriately

Local DC Travel:

Although primarily remote

Skills:

Excellent written/verbal communication and interpersonal skills

Applicable experience in a threat-hunting and/or Incident Response role

An understanding and application of the MITRE ATT&CK framework

A passion for research, new ideas, and uncovering the unknown about internet threats and threat actors Expertise in at least one of the following: Network Forensics, Host Based Forensics, Log Analysis Basic threat intel understanding and analysis UNIX/Linux expertise, Specifically CentOS Understanding of baselining, tuning, and reviewing alerts generated by detection

Preferred Additional Skills:

SOAR and TIP experience SOAR Playbook Design experience NetWitness Experience

Additional Information:

There is a requirement to commute to fed office in DC. Additionally, must hold an active TS/SCI w/poly clearance.

RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All employment decisions at RSA are based on business needs, job requirements and individual qualifications, without regard to race, color, religion, national origin, sex (including pregnancy), age, disability, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, protected veteran status, genetic information, or any other characteristic protected by federal, state or local laws. RSA will not tolerate discrimination or harassment based on any of these characteristics. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. All RSA employees are expected to support this policy and contribute to an environment of equal opportunity.