Tools & Technologies:

  • Various FOSS (Free and Open Source Software)
  • IDS/IPS
  • NetFlow, packet capture and protocol analysis tools such as
    • Snort,
    • Suricata,
    • Bro,
    • Argus,
    • SiLK,
    • tcpdump, and
    • Wireshark

Protocol Exposure:

  • TCP/IP or OSI network protocol stack,
  • IP,
  • Internet Control Message Protocol (ICMP),
  • TCP,
  • User Datagram Protocol (UDP),
  • Simple Mail Transfer Protocol (SMTP),
  • Post Office Protocol 3 (POP3),
  • Hypertext Transfer Protocol (HTTP),
  • File Transfer Protocol (FTP),
  • SSH,
  • Cryptography and hash algorithms:
    • Advanced Encryption Standard (AES),
    • Rivest, Shamir, and Adleman (RSA),
    • Message Digest Algorithm 5 (MD5),
    • Secure Hash Algorithm (SHA),
  • Kerberos,
  • Secure Sockets Layer / Transport Layer Security (SSL/TLS), and
  • Diffie-Hellman key exchange
  • Security engineering and architecture work: analysis and engineering of security features of large, distributed systems
  • Experience with any NIDS/NIPS or HIDS/HIPS tools
  • Experience working with log aggregation and SIEM tools such as ArcSight, McAfee ESM or Splunk
  • Experience with vulnerability assessment and penetration testing tools such as Metasploit, CORE Impact, Immunity Canvas, or Kali Linux
  • Experience with programming and scripting languages and text manipulation tools, most notably Perl, but also including sed, awk, grep, Ruby, and Python
  • Knowledge of Windows and other OS internals and popular file systems, and experience with media forensics and analysis tools such as
    • AccessData FTK
    • EnCase Forensic
  • Experience in Linux/UNIX system administration, along with network (router and switch), web server, firewall, or DNS administration

Soft Skills:

  • Written and oral communication
  • Ability to thrive in high-ops-tempo, high-stress environments
  • Strong team player
  • Ability to provide on-the-job training and knowledge sharing to other analysts
  • Self-initiative with strong time management
  • Solid sense of integrity and identification with the mission

Certifications:

  • Windows Security Analyst: MCSE, CEH, ECSA, SSCP, Security+
  • Linux/Unix Security Analyst: RHCE, CEH, ECSA, SSCP, Security+, shell scripting
  • Network Security Analyst: Cisco Security or Check Point Security certification, plus CEH, ECSA, SSCP, Security+
  • SOC Manager: CISSP with real SOC management experience, documentation, ISO 27K, RHCE, CEH, ECSA, SSCP