Network Forensic Analyst – Clark Creative Solutions – Port Hueneme, CA

Job title: Network Forensic Analyst Company: Clark Creative Solutions Job description: The network forensic analysis (NFA) team member is responsible for the analysis of all corporate IT traffic as well as analysis of firewall rules and routing schemes within the environment. They will use traffic profiling suites housed in tools such as Splunk or Kibana, to search through Zeek logs to identify suspicious behavior, and pivot into packet captures (when necessary) to extract all necessary data for deeper analysis, including data need by the other teams. They will also review alerts from intrusion detection system (IDS) tools (such as Snort) and be able to write and tune rules based on credible threat information, such that they minimize false positives. An ideal candidate for this position will have experience with network administration, troubleshooting, and common network communication that occurs across large-scale corporate networks. Additionally, they will also have a strong background in what common communication patterns associated with Windows and Linux client-server-cloud environments will look like. Having experience with “normal” endpoint behavior and how/why common software communicates will be helpful as well. The primary job of the NFA team is to get a holistic view and understanding of the network architecture, common protocols and core services, and then zero in on concerning anomalies and/or patterns in the network traffic. Skills Proficiency with tools such as • Big data analysis platforms • Splunk, Elastic Stack, etc. • Low level pcap analysis tools • Wireshark, Arkime (formerly Moloch), etc. • Zeek (formerly Bro) • Snort • Suricata • Analysis of • Network maps • DNS configuration • Routing tables • Subnet isolation • Traffic flow patterns • Snort and Suricata rule match verification • Firewall and VPN logs • Analysis skillset • Clear technical documentation • Communication with EL as well as HFA and ICS analysts to dig deeper into what is being • found in network traffic, so the responsible endpoints can be investigated further to • identify the root cause Powered by JazzHR Expected salary: Location: Port Hueneme, CA Job date: Sat, 13 Aug 2022 07:35:20 GMT Apply for the job now! Apply tot his job