EH-Net
  Show Posts
1  Resources / Looking To Hire / Sr. Incident Responder at Fortune 150 Company on: December 27, 2011, 04:54:14 PM
If qualified, please apply at emerson.com
You may also contact me at paul.jaramillo@emerson.com

Job Requires Relocation to St. Louis, MO

Job ID EMR-00000224
Job Description
As a Security Engineer, the candidate must be able to detect and respond to computer incidents across a global enterprise network. Computer Incidents include, but are not limited to, intrusions, malware events, HR violations, insider threats and intellectual property cases. The candidate will be expected to perform the necessary live response tasks, such as log, memory, and registry analysis, in addition to traditional disk forensics in order to complete the investigations. Responsibilities also include monitoring intrusion detection systems and developing custom IDS signatures in response to new threats. Experience in reverse-engineering suspicious binaries is a plus for this role.

Qualifications:

To perform this job successfully, an individual must be able to perform each basic responsibility satisfactorily and meet education and experience requirements.

Education and Experience:

3+ years Experience in Intrusion Detection and Response with the following components required.

Must be able to quickly understand new threats and technical concepts
Must be passionate about information security with a desire to learn
Must be familiar with incident response methodology
Must have an in-depth understanding of Windows & UNIX systems
Must have a solid knowledge of networking fundamentals.
Must have experience with log analysis, for example:
Windows, UNIX, DNS, DHCP, Antivirus, Proxy, Email, IIS, Apache, Firewall, VPN
Certifications are a plus but not required, depending on experience:
GCIH, GREM, GCIA

2+ years Experience in Forensic Investigations with the following components preferred.

Digital evidence acquisition
Artifact recovery and analysis
Creating and analyzing timelines
Windows & Unix forensic analysis
EnCase, FTK, and SIFT
Executive and Technical Reporting
Certifications are a plus but not required, depending on experience
GCFA, ACE, EnCE, CCE

Experience with Red Team engagements is a plus

Vulnerability Scanning and Ethical Hacking
Exploit Frameworks (Metasploit, CANVAS, Core Impact)
Web Application Penetration Testing (Samurai, WebInspect, Hailstorm, Burp Suite)
Certifications are a plus but not required, depending on experience
OSCP, OSCE, GPEN
EOE
2  Resources / Career Central / Re: What would you expect out of an intern? on: May 11, 2011, 03:36:45 PM
For me personally, I want to see two things from an intern. The capability to learn things quickly and a passion for security. Oftentimes I will ask them to learn about a question they missed and discuss it intelligently on the 2nd interview. I also like to see that they like to read technical books and tinker around with a home lab setup. Those to me illustrate someone who is capable of growing and adapting.
For your specific area, RevEng, which is highly technical, it makes sense that you were getting bombarded. That's one of those jobs where if you don't have a solid tech foundation, the hill is very steep to climb. For that I want to see mastery of C++ and at least one other language. Decent understanding of assembly, debugging with Olly and disassembly with IDA.

Just my 2cents. Good luck in your interview process!!
3  Resources / Mass Media / Re: "Breaking In" Pentest Sitcom on: May 11, 2011, 07:08:42 AM
I think the cancellation was a given, it was marginally funny with a heavy dose of geek humor and weak tech sauce. What's more shocking to me is the cancellation of HT and Chicago Code. I thought they were good shows.
4  Ethical Hacking Discussions and Related Certifications / Security / Re: SANS course question \ recommendation on: May 11, 2011, 06:52:00 AM
Hey VashTS,
You've pretty much run into one of the most common themes in IT Security today. Mgmt doesn't care or is ignorant of the security threatscape. That ends up going back on us as security minded individuals to show them the risk in terms they understand. Business terms, lame powerpoints, green and red metrics .... but I digress.
So I would recommend taking something like GCIA or GCIH that would enable you to find active threats in your computing environment. That is something you can leverage right away and show them the threat in action. In my experience most of the courses showing you how to securely configure Win/Nix/IOS are an expensive way to learn what is already freely available online.
Also, I make a habit of bookmarking and/or printing to pdf all the big corporate hacks to highlight the real risk. Even though they may ignore you and write off your security concerns, they usually will pay attention to a NYTimes article showing a company had their email posted to wikileaks and ended up losing massive amounts of shareholder value.
5  Resources / Links to cool sites. / Re: H*Commerce Web Film Series on: August 31, 2009, 01:45:18 PM
Wow that's something really useful McAfee has put together. Thanks for the link, looks like some awesome security awareness content there.
6  Ethical Hacking Discussions and Related Certifications / Hardware / Re: IPS Location in the Network on: October 21, 2008, 03:47:07 PM
My preference is for the stand alone IPS to die and become a fully integrated module in your firewall. Similar to the Netscreen IDP, but with the quality of Tipping Point.
7  EH-Net / Special Events / Re: Q&A for Pen Testing Perfect Storm Webcast Series: Part I on: October 21, 2008, 02:38:54 PM
I have a general question for all 3 guys. I'm sure it's an infrequent occurrence that you find a network you cannot hack. However in that rare occasion, what are some of the things that present the biggest obstacles to your pen test?

I'm interested in learning about when companies get security right. And not necessarily even certain technologies like WIDS or RSA authentication, it could just be use of procedures like patching, centralized logging or investments in user security awareness training.

Cheers!
8  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Rainbow Tables on: October 21, 2008, 11:56:58 AM
That's really weird because typically the last half of the password is cracked first, not the first half.

If you're only using an alphanum table and just the first half is cracked then most likely the second half has a special character(s), alt-xxx, or is non-existent. You will need to create a bigger table with more character space using rtgen or winrtgen. Or you could always take your luck on torrent.

If there is a way to just crack the second DES hash individually, I don't know how. In theory you should be able to, but your best bet is to talk to ChrisG, he prolly knows.
9  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-The Pen Testing Perfect Storm Webcast Series with Skoudis, Wright, Johnson on: September 30, 2008, 03:42:05 PM
All registered, should be awesome just like the last series. Also, great idea Don to have them show up on the forum for Q&A afterwards.
10  Features / Book Reviews / Re: [Article]-The IDA Pro Book on: September 25, 2008, 08:56:56 AM
Excellent review Ryan. I will definitely buy this book. I'm glad there is an alternative to the crap that Syngress publishes.
11  Ethical Hacking Discussions and Related Certifications / Incident Response / Re: Security Incident and Event Management (SIEM) on: September 24, 2008, 10:53:06 AM
I personally did not like Q1 for the simple fact that it doesn't track by hostname. So essentially everything is IP based and stateless. So you can't add notes to a host so when the event reoccurs other analysts will not see the work you already did. Yes you can whitelist events so that they don't reoccur, but there was also a bug with that as well, where everything gets whitelisted. I also didn't think the product was capable of keeping up with the amount of logs generated in a large business, but you might have better luck in a medium sized one.
If I had my choice I would go with Arcsight, which is not without issues either. But in my experience with 3 different products it was the best.
12  Resources / Tools / Re: Helix 3 Released on: September 23, 2008, 08:29:52 AM
sweet, thx for the heads up, downloading asap
13  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Network Perimeter Security (FTP) on: September 15, 2008, 12:54:29 PM
There is not much you can do, if whitelisting the approved netblocks isn't feasible with your business. By that I mean permitting only the people you want to FTP on your server through the fw/router. Blacklisting becomes unmanageable, because you will continually be adding addresses, as I'm sure you've already seen. I would start with what you've already done and geo-block a few countries like the frequent offenders, but that also depends on your business requirements. Then make sure that server has a scheduled patching procedure, is monitored daily and probably chroot ftp if it's Unix. A more ideal solution would be key based SCP, but that all depends on if your business will accept it.
14  Ethical Hacking Discussions and Related Certifications / Hardware / Re: Best firewall for a reasonable price? on: September 11, 2008, 10:13:18 AM
Ebay ....
http://search.ebay.com/netscreen-5xp_W0QQfnuZ0QQfsooZ2QQfsopZ32QQrprZ8QQxpufuZx
15  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Blank Canvas looking for advice on: September 10, 2008, 11:19:39 AM
Rather than let your CCNA expire, I would just take one test on the pro tracks like you said. That's what I do, and the tests rarely take longer than a month to prepare for depending on your available time.