SEC503: NETWORK MONITORING AND THREAT DETECTION IN-DEPTH
Category
INFORMATION TECHNOLOGY
Subcategory
Information system
Code
SIF023
Training objectives
Configure and operate Snort, Suricata, and FirePOWER for network traffic analysis and intrusion detection.
Create and write efficient Snort, Suricata, and FirePOWER rules for threat detection.
Configure and run open-source Zeek to provide a hybrid traffic analysis framework.
Develop automated threat hunting correlation scripts in Zeek.
Understand TCP/IP layers to identify normal and abnormal traffic for threat detection.
Utilize traffic analysis tools to identify signs of compromise or active threats.
Perform network forensics to investigate traffic, identify TTPs (Tactics, Techniques, and Procedures), and detect active threats.
Extract files and other types of content from network traffic to reconstruct events.
Create BPF (Berkeley Packet Filter) filters to selectively examine specific traffic traits at scale.
Use Scapy to craft custom packets for network testing and analysis.
Leverage NetFlow/IPFIX tools to detect network behavior anomalies and potential threats.
Apply knowledge of network architecture and hardware to customize the placement of network monitoring sensors and sniff traffic off the wire.
Training programme
Target audience
Engineers • System administrators • Technical security managers • CND analysts • Security monitoring specialists • Cyber threat investigators
Duration (days)
6
Minimum number of places
5
Maximum number of places
5
Trainer
SANS