Please see some notes that may help
Like I mentioned on our call earlier this week I think we’re complicating this ask in two ways:
- We’re calling it “Countermeasure” but really the main ask is an Intrusion Prevention Systems staff aug. Not sure if the naming is confusing or distracting from the primary nee. This role is going to sit on this team and help mature their architecture, continue to develop operational efficiencies and validate it’s effectiveness at preventing network based attacks. This is not a specialized role and all searches for candidates should be focused on IPS and never use search terms like “countermeasure” as they’ll yield no results.
- Sourcefire IPS is a requirement but that product has gone through several rebranding exercises since it was purchased by Cisco. So if someone has Cisco IPS on their resume but not Sourcefire IPS I worry that those candidates are being ruled out. Other names you might see on resumes that are synonymous with Sourcefire are FireSIGHT, Cisco FTD, and Cisco AMP for Networks. If any of those terms are on the experience piece of someones resume chances are they have the technical competency we’re looking for.
Mainly remote; 1 week per month onsite may be required.
Length of Engagement
– 6 Months
Project Location: Atlanta, GA
CTC and 1099 Accepted
Resumes or Profiles to:
- SourceFire experience is a must.
- Must know policy, signatures (development, writing signatures) and integrating SourceFire
As a CounterMeasure resource requires proficiency in the following areas:
- IPS signatures
- YARA rules, rules for detection in cloud platforms
- Creation and implementation of custom Proxy, HIPS, NIPS, and/or DLP rule sets in order to further protect the enterprise.
- Work with SIEM team to create and implement custom alerting rules in SEIM for review and investigation.
What we would expect to see on a resume:
- Network Security (NIPS, HIPS, AV, Firewalls, etc)
- Scripting and coding experience (bash, PowerShell, python, etc.)
- Relevant security certifications a plus (such as: CISSP, GCIA, GCIH, GREM, CEH, others)