Netwitness Associate Consultant 2
Remote - Singapore
Applications have closed
RSA Security
RSA provides identity intelligence, authentication, access & governance solutions, defending the world’s most secure organizations against cybersecurity risks.
General Description
As one of the most established cybersecurity companies in the world, we at NetWitness are hard at work every day helping our customers and partners better protect their organizations from cyberattacks. Our products and incident response services are used within most large enterprises, governments and militaries for incident response and threat hunting.
Our Sales Professionals, Sales Engineers and Professional Services Consultants design and deliver solutions for potential and existing customers to enable better visibility, insight and action to prevent and defend against attacks. NetWitness provides the unique ability to provide one single platform with a unified view across all attack surfaces including Network, Logs/SIEM, Endpoint and IoT combined with our AI-based User and Entity Behavioral Analysis (UEBA) and Security, Orchestration, Automation & Response (SOAR) capabilities.
The Senior Consultant leverages in-depth industry knowledge of the business environment and various technical solutions to assist the customer to gain market share and increase operational efficiencies. Provides technical and consultative leadership for Consulting technical solutions opportunities on a range of complex engagements, focused on an industry or service offering. Requires an in-depth understanding of an organization’s business, industry requirements and systems. Focuses on understanding the customer’s strategic, organizational and business challenges and offers solutions as they relate to the future business environment and operational objectives.
General Responsibilities
• To provide technical and consultative services on NetWitness solutions on a range of complex consulting engagement projects.
• These projects may include conducting workshops, analyzing requirements, developing solution designs and recommendations, documentation, and delivering training on NetWitness solutions for the customer.
• Works closely with project managers (or acts as project manager), other personnel, and the customer to ensure a smooth project implementation and transition from start to completion.
• Delivers services both independently, as well as in a team environment working closely with NetWitness sales, other personnel, and clients.
• Works on complex projects and manages multiple work streams. Defines and authors deliverables. Delivers projects with approved methodology while adhering to margin, planning and SOW requirements.
• Leads project quality assurance activities, including technical QA reviews. Understands and adheres to proper escalation and change control procedures. Validates requirements, limited prototyping and functionality design and creates proposals that address current and evolving client requirements.
• May manage or function as technical lead on small to medium projects or workstreams of larger, more complex projects. Understands customer business challenges and provides strategy that addresses long term goals. Independently analyzes large amounts of data, provides logical options, and creates and delivers correct documentation, sound work products and deliverables to achieve customer satisfaction.
• Prepares, maintains and submits activity/progress reports and time recording/management reports in accordance with published procedures. Keeps stakeholders informed of activities and issues promptly. Completes end-of-project reports. Provides knowledge transfer and training throughout and at the completion of assigned projects.
• Able to provide advice on project and product issues to Partner engineers, and able to enable the skills of Partner engineers.
• Prepares detailed project plans of an engagement within the standards of project management methodologies. Reviews and validates statement of work (SOW). Categorizes requirements into a project plan detailing schedule, controls, resources, costs, and daily tasks. Prepares risk and remediation plans. Responsible for creating a one-team approach, goals, and milestones within a project to ensure NetWitness’s commitments to the customer are achieved. Adheres to established standards, processes, and methods to produce solutions that conform to requirements. Strives for, maintains, and further develops excellence in processes and services.
• Articulates the full value of the NetWitness Solutions and NetWitness Services business benefit to the customer. Keeps eyes open on potential future opportunities at the customers' and communicates to sales as appropriate.
Technical Responsibilities
• Work with customers to better enable their ability to hunt for and detect threats.
• Track threat actors and associated tactics, techniques, and procedures (TTPs).
• Hunt for and identify threat actor groups and their techniques, tools, and processes.
• Provide input on cybersecurity best practices, especially as pertains to threat intel, threat hunting, and using/incorporating Network (NDR), Endpoint (EDR), and Log (SIEM) analysis.
• Develop detection content and use cases within the NetWitness product for Network full packet capture, EDR, SOAR, and SIEM.
• Develop advanced queries and alerts to detect adversary actions.
• Develop dashboards and reports to identify potential threats, suspicious/anomalous activity, malware, etc.
• Assess customer gaps in visibility and provide next-step recommendations.
• Assist customers to increase visibility and detection capability, working in synergy with incident response team members and providing expert advice about how to investigate potential attacks.
• Support with pre- and post-sale opportunities to help demonstrate advanced usage of the NetWitness product suite and Threat Hunting techniques.
• Support internal teams for cross-training, collaboration, innovation, and subject matter expertise.
• Perform research and develop techniques to identify and mitigate threats, staying abreast of emerging threats and developing creative solutions to solve customer issues.
• Lead Instructor for technical NW classes (regions include APJ, AMER, EMEA).
• Provide assistance, technical knowledge, and troubleshooting to learners (external/internal).
• Act as technical product SME for team.
• Help with sales project scoping, provide guidance to sales/clients.
• Guide and contribute in technical NetWitness course development.
• Assist in development of knowledge checks and technical assessments.
• Participate in lab and content QA.
• Maintain Instructor documentation, illustrations, notes, questions, presentation/topic order, tips & tricks for future instructors under existing documentation.
• Assisting in gathering and building the lab use-cases.
• Assist with lab deployments/upgrades, particularly for lab images, class environments.
• Deliver or help in creating at least one webinar every 6 months.
• Participate in public customer training events (based on business need).
Requirements
• Ability to understand logging mechanisms for industry standard network, security solutions, servers, and databases.
• Good understanding of networking/Security infrastructure.
• Ability to detail out data flow in a given topology.
• Strong communication skills, i.e., verbal, written, listening, and presentation.
• Analytical thinking and problem-solving skills.
• Proficiency in understanding key difference between logs, events, packets, and incidents.
• In-depth knowledge on collection methodology such as Syslog, SNMP, ODBC, LEA, FTP, SFTP.
• Understanding of the OSI/TCP IP model.
• Added advantage with understanding of NAS/SAN, TAP, Load Balancers, and proxy solutions.
• Reasonably good analytics capability.
• Proficient in configuring industry standard network/security solution such as routers, switches, firewalls, Windows/Unix servers and virtual machines.
• Good understanding of databases (SQL, Oracle and opensource database).
• Troubleshooting connectivity & communication issues between devices.
• Good understanding of Packet Capture (PCAP) and related tools such as Wireshark and Ethereal.
• Logical reasoning/correlation capabilities between various components in the networks.
• Skillsets on writing views, triggers, shell scripts.
• Good understanding of various industry standard practices such as SOC Strategy, Incident Response, and Breach Assessment.
• An understanding and application of the MITRE ATT&CK framework.
• A passion for research, new ideas, and uncovering the unknown about internet threats and threat actors.
• Expertise in at least one of the following: Network Forensics, Host Based Forensics, Log Analysis.
• Basic threat intel understanding and analysis.
• UNIX/Linux expertise, specifically CentOS.
• Understanding of baselining, tuning, and reviewing alerts generated by detection.
• Knowledge on various threats, security trends, security policy in the industry.
• Familiar with Security Operations Center (SOC) policies and procedures.
• Ability to work on concurrent projects.
• Bachelor's degree in Computer Science, Information technology or relevant experience.
• Excellent presentation, workshop facilitation and interpersonal skills.
• Fluent English speaking and writing.
• Based in Singapore; candidates based overseas will not be considered.
• Up to 50% travel expected, primarily within Asian countries; may also occasionally require travel to EMEA and Middle East countries.
• Professional security related qualification (i.e., CCNA, CISSP, GCIH, GCFA, and ECH) is preferred but not mandatory.
• Experience dealing with different global regions is highly preferred.
• NetWitness solution knowledge would be considered an advantage.
• Federal security clearance can be an added advantage.
Attributes/Behaviors
• Customer-centric, ‘can-do’ team-playing attitude
• Consultative style
• Ability to work under pressure
• Ability to manage staff where required
• Pro-active individual with good relationship skills
• Flexible but firm in driving delivery to milestones
RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, and any other category protected by applicable country law.
If you need a reasonable accommodation during the application process, please contact the RSA Talent Acquisition Team at rsa.global.talent.acquisition@rsa.com. RSA and its approved consultants will never ask you for a fee to process or consider your application for a career with RSA. RSA reserves the right to amend or withdraw any job posting at any time, including prior to the advertised closing date.
Tags: Analytics Automation CISSP Clearance Computer Science EDR Firewalls Forensics GCFA GCIH Incident response IoT Linux Log analysis Malware MITRE ATT&CK Network security Oracle PCAP Prototyping RSA Security Clearance SIEM SOAR SOC SQL Strategy TTPs UNIX Windows
Perks/benefits: Career development Equity / stock options Flex hours Startup environment Team events