RSA - Senior Threat Engineer
Primary Location: Bangalore,
Additional Location(s): Bengaluru, India
About RSA SecurID
RSA Security creates a wide range of industry-leading products that allow customers to take control of risk, whether those risks stem from external cyber threats, identity and access management challenges, online fraud, compliance pressure or any number of other business and technology issues.
The RSA NetWitness Platform is an evolved SIEM, the centerpiece of an intelligent Security Operations Center (SOC), that provides end-to-end visibility across an organization’s digital ecosystem, spanning networks, transactions, applications, identities and user behaviors. Engineered to immediately detect high-risk threats on devices, in the cloud and across your virtual enterprise, RSA NetWitness Platform also optimizes security response processes to reduce attacker dwell time and make analysts more efficient and effective.
This role will be part of the Threat Content team in Bangalore, India as part of the NetWitness Engineering organization.
- Researching network and/or endpoint threats
- Researching/conducting threat hunting operations using known adversary tactics, techniques and procedures to detect advanced threats.
- Develop security use cases or additional detection capabilities.
- Working with a team of engineers to develop NDR and EDR detection rules, reports and dashboards based on the latest known threats
- Work in close collaboration with Product Management, Incident Response and Sales Engineering teams to identify threats and support customers
- Work with Engineering management to lead all aspects of NetWitness Threat Content in the Bangalore, India location. This includes assigning and tracking projects and developing processes and tools.
- Work with RSA lab managers to stand up and maintain a threat content lab that can be used for running threat simulations and developing detection rules
- Work with Engineering management to hire engineers and develop their knowledge of EDR and NDR threats
- 5-10 years hands-on experience with focus in areas such as systems, network, application, and information security. Industry certification such as CISSP, Security+, CEH, CCSP, CISM, CISA, SANS GREM, GCIH, GCFA, GNFA or Offensive Security OSCE a big plus
- You possess demonstrable experience in AWS and Azure
- Familiarity with existing analytical models (e.g. MITRE ATT&CK).
- Experience with sandboxing and malware analysis
- Strong knowledge of web technologies, packets, protocols, Microsoft Windows and Linux/Unix platforms and tools with related experience in corporate infrastructures
- Hands-on experience building EDR and/or NDR detection rules. RSA NetWitness experience a big plus
- Strong technical experience and familiarity with various types and techniques of cyber-attacks, and with the incident response and threat hunting lifecycles
- Strong experience in network traffic decoding, analysis and processing with the goal of identifying manual or automated cyber-attacks and C2 traffic
- Hands-on experience building network and/or endpoint infrastructure (physical or virtual)
- Strong Python scripting experience. Knowledge of Esper and/or Lua a big plus
- Previous experience working in a software development Agile environment is a big plus
- Excellent analytical thinking, time management and coordination skills, and excellent command of English (both written and verbal)
- Ability to work in a dynamic and multicultural environment, with a positive and professional attitude.
Job ID: R076462
RSA is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at RSA are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. RSA will not tolerate discrimination or harassment based on any of these characteristics. RSA encourages applicants of all ages