FPC/NIPS Tool Manager

工作内容

Overview

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. As we enter our 50 th year in business, we are known for continuous innovation for government customers, both long-established and newly acquired, as our capabilities expand around the globe. Our work is state-of-the-art and made possible only through the best personnel, tools, and jobs in the national security business. We are highly collaborative in spirit and practice, and we freely share expertise across SPA in our quest for enduring solutions to critical concerns. Come work with the best!

SPA has an immediate need for a FPC/NIPS Tool Manager to provide contacting services to NATO.

Responsibilities

As Full Packet Capture (FPC) / Network Intrusion Prevention System (NIPS) Tool Manager, the incumbent will be responsible for supporting Cyber Defence operations, maintaining and updating the tool’s configurations to match the threat environment, specifically for Full Packet Capture and Network Prevention Intrusion System activities.

The FPC / NIPS Tool manager reports to the Head, Gateway Security Services Section and will work with the Security Event Analysts (SEAs) and the Engineers of the NCSC Operations and Infrastructure Branches to help tune the security tools for optimum Cyber Security Incident Detection while keeping the required performance target. The main aim is to ensure that NCSC Full Packet Capture (capability to locally store a record of the network traffic at various critical points) and NIPS (capacity to identify potential cyber-attacks and intrusions on NATO networks) are installed, configured and fully available.

Main responsibilities include, but are not limited to the following:

• Install, Configure, administrate and provide on-going support of Cyber Defence associated specialist tools (see below ) :
• Full Packet Capture (to include RSA Netwitness platform)
• Network Intrusion Prevention System (to include Cisco Sourcefire/NGIPS and Palo Alto Network Threat Prevention)
• Support the investigation of Security Events to establish if these are expected tool behaviours , events or a security threat.
• Provide technical support for performance testing of content and rules.
• Ensure that all other NCSC specialist applications related to FPC and NIPS are installed, configured, and running properly and in line with dependencies with other systems or applications and NCSC needs. This includes, but is not limited to ensuring proper setup and functioning of NIPS/FPC appliances or integration into monitoring systems.
• Support the Initiation, preparation, follow-up and defence of the specialist applications upgrades in front of the Change Management Board.
• Support the development of implementation plans for new capabilities in the NIPS/FPC areas and take ownership to ensure rapid implementation of those new tools and optimizations.
• Implement the approved changes. Proactively recommend optimizations to capabilities to provide effective and efficient service operations.
• Review security documentation and provide technical advice when requested
• Maintain awareness of new technologies and developments, industry standards and best practices within the NCSC community for FPC / NIPs tools, participating in knowledge sharing with other analysts and develop solutions efficiently
• Perform other essential duties as assigned, as preparation of technical and/or executive level reports
  

Qualifications

Required Qualifications:

• Essential to have a Bachelor’s Degree in Computer Science combined with a minimum of 2 years’ experience in Security Tools Management or a similar position involving Technical ICT Engineering knowledge, or a Secondary education and completed advanced vocational education (loading to a professional qualification or professional accreditation) with 5 years post related experience.
• Experience with enterprise Full Packet Capture solutions ( e.g. RSA/ NetWitness )
• Strong experience in enterprise level configuration and management of Network Intrusion Detection/Prevention capabilities.
• Prior experience in working with Cisco Sourcefire/Next- Generation IPS appliances and Palo Alto Networks Threat Prevention, preferably on enterprise level
• Strong experience in working with Snort, preferably also in writing custom signatures
• Practical experience in analysing packet captures
• Experience in working with the network taps and aggregators
• Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours
• Practical hands-on experience in systems and tools administration.
• Comprehensive knowledge of the principles of computer and communication security, LAN/WAN networking including protocol network architecture, and the vulnerabilities of modern operating systems and applications.
• Working and administering of Linux-based systems;
• Excellent communication abilities, both written and verbal, with the ability to clearly and successfully articulate complex issues to a variety of audiences and teams
• National of one of the 30 NATO countries
• In possession of an active National and/or NATO Secret security clearance
  

Desirable Qualifications

• Knowledge of deploying and customizing Palo Alto Networks Threat Prevention
• Software engineering including programming and/or scripting knowledge (python, shell scripting, PowerShell).
• Good knowledge of Wireshark and other tools to capture and analyse network traffic
• Industry leading certification in the area of Cybersecurity such as CISSP, CISM, MCSE/S, CISA, GSNA, SANS GIAC.
• A solid understanding of Information Security Practices; relating to the Confidentiality, Integrity and Availability of information (CIA triad.)
• Prior experience of working in an international environment comprising both military and civilian elements.