cFocus Software Incorporated
NetWitness Security Engineer - Packet Capture - HHS STIM
cFocus Software Incorporated, Washington, District of Columbia, US, 20022
Overview
NetWitness Security Engineer - Packet Capture for HHS STIM (cFocus Software). This role supports the Security Tools and Infrastructure Modernization (STIM) contract with the U.S. Department of Health and Human Services (HHS). Location: Atlanta, GA; Washington, DC; or Remote. Public Trust clearance will be required.
Responsibilities
Serve as the enterprise expert on RSA NetWitness and other packet capture/forensics platforms.
Conduct packet capture and traffic analysis for threat detection, forensic investigation, and incident response.
Support integration of packet capture systems with SIEM and SOC workflows.
Develop and tune packet capture policies, filters, and monitoring rules to optimize visibility.
Analyze network traffic to identify Indicators of Compromise (IOCs), malware activity, and anomalous behaviors.
Provide forensic reporting and technical recommendations to stakeholders and leadership.
Mentor and train junior analysts in packet capture and forensic investigation techniques.
Ensure compliance with NIST SP 800-61, NIST SP 800-53 Rev. 5, and DISA STIGs.
Required Experience
10+ years of IT security engineering and analysis experience.
Extensive hands-on expertise with RSA NetWitness or comparable packet capture tools.
Experience in network forensics, intrusion detection, and advanced traffic analysis.
Proven ability to support incident response teams and forensic investigations.
Experience leading packet capture engineering initiatives in federal environments.
Education & Certifications
Bachelor's degree in Computer Science, Information Security, or a related field (or higher) with ~10+ years of packet capture work experience.
Current NetWitness-related certifications such as RSA MSSP Analyst Master in Advanced Security Operations Center (ASOC), RSA MSSP Engineer Master in ASOC, and/or RSA Systems Engineer Professional in Security Analytics.
Clearance
Must be eligible to obtain and maintain a Public Trust (High-Risk, Level 5) clearance.
Location
Atlanta, GA (also eligible for DC or Remote work as applicable).