[TriLUG] Interesting "intrusion analyst" job at NetApp

Rodney Radford rradford at mindspring.com
Wed Jan 26 13:58:04 EST 2011


While looking through the open job database at NetApp for a friend, I ran across an interesting job requisition that may interest a few people here at TriLUG and thought I would pass it along.

No, I don't know the hiring manager and I don't know any more about the position than what I am posting.  Normally I would not post jobs of this type, but this fits in well with the upcoming talk at TriLUG about using Metasploit, so perhaps there are enough in the target audience who would be interested.  Personally, I find it cool and if not already happy where I am, I might even apply to it.  ;-)

Here is the official HR description of the job - copy/pasted instead of a large .pdf file or an external link.  I would be happy to send your application through (not sure if it would help as I don't know the person, but it shouldn't hurt either), or you can apply directly through the external website yourself (in other words, I am not posting this to get a referral bonus).

PS: for those who replied on my previous QA posting, I am still following up on those so don't fret if you have not heard from me - I promise I will get back to you soon.

----------------------------

Business Card Title / Posting Title	Intrusion Analyst
Requisition Number	12749BR
Recruiter	Todd Smith 022019


Job Summary	In this role, you will be part of a team that is responsible for analysis of cyber threats that could impact company resources. The successful candidate will identify attack patterns and trends, assess severity levels, and coordinate remediation efforts. This position further requires ongoing collaboration with other teams to support malware analysis, intrusion detection & response, and threat intelligence.


Posting Location	USA - North Carolina - Research Triangle Park


Job Requirements	Required Skills
○ Practical experience with security incident response
○ Understanding of network protocols (TCP / UDP)
○ Experience with network analysis tools such as Wireshark and TCP Dump
○ Incident Management – analysis, detection and handling of security events
○ Comprehension of how attacks exploit operating systems and protocols
○ Must understand how to analyze network traffic for suspicious and malicious activity
○ Hands-on experience with security technologies:
§ Intrusion Detection & Prevention (IDP) – McAfee IPS, Snort, or Bro
§ Security Information & Event Management (SIEM) – ArcSight, Splunk
§ Packet Capture – NetWitness, Pcap
○ Admin experience in multiple operating systems such as Windows, Solaris, BSD, Linux
○ Knowledge of databases - Oracle, MySQL
○ Ability to write technical documentation and present technical briefings to varying audiences
○ Work with a globally distributed team and rely heavily on electronic communication
○ Due to government regulations pertaining to the nature of this work, the employee must be a US citizen


Desired Skills
○ Previous operational experience in a CIRT, SOC, or CERT
○ Programming / scripting experience
○ Analysis of event data (PCAP, logs, etc)
○ Excellent oral and written communication skills
○ Experience in Ethical Hacking or Red Team
○ Ability to reverse engineer malware
○ Management and tuning of Intrusion Detection signatures
○ Management and creation of correlation (SIEM) rules


Note: this position is located in RTP, NC and is not budgeted for relocation. Candidates local to the RTP area strongly preferred.


Education and Experience	- A minimum of 8 years of experience is required; 9 to 11 years of experience is preferred.
- A Bachelor of Arts or Sciences Degree is required; or equivalent experience. A Graduate Degree is preferred.
- CISSP, GIAC, GCIH, or other security related certification




