
SANS ISC: InfoSec Jobs - Senior ICS Security Operations Analyst


This listing has expired and therefore is not publicly viewable.

Senior ICS Security Operations Analyst
Company Bechtel
Location Reston, VA / Sterling, VA
Travel 0%
Salary Not provided
Contact Name Mandy Vitto
Contact Email mlvitto/at/
Expires 2018-10-02

Job Description

Like hard problems? Got skillz? We are building a bleeding edge computer incident response capability in industrial control systems (ICS) for our global enterprise, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking cyber security operations specialists who have expertise in coding, malware analysis, network security monitoring and incident response.
The ideal candidates will have an open mind, bring a fresh perspective to the team and be passionate about cyber security, defending and supporting our missions.
As a Senior ICS Security Operations Analyst, you will assist the team responsible for researching, developing, and implementing defenses for existing plants and affecting future design decisions to enable security in our one-of-a-kind ICS Cyber Laboratory. You will also work with a world-class team to defend Bechtel's projects using enterprise forensics systems, log analysis systems, and network collection systems to facilitate response to incidents on a global scale. You will work with industry-respected malware, network and incident response analysts to coordinate a best-in-class response to computer-related incidents, getting a first-hand perspective of adversaries and their tactics.
Why Bechtel?
• Unparalleled mission
• Use of bleeding-edge tools and analysis techniques
• Opportunity to work with some of the best-in-the-industry Incident Response personnel
• Great learning environment. Continued learning is encouraged and supported
• Open research and conference presentations are encouraged
• Too many reasons to list here...
Basic Qualifications:
• 3+ years of experience in an IT Security, Incident Operations or Control Systems Security role
• Bachelor’s degree in Information Technology OR 8 years of experience
• Must be a United States citizen
Required Skills:
• Strong analytical, documentation and communication skills
• Experience with SIEM (Security Information Event Management) tools such as ArcSight or Splunk
• Experience with Windows event log analysis
• Excellent written and oral communication skills
• Scripting/Coding experience in a scripting or programming language
• Experience creating and applying Regular Expressions
• Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)
• Knowledge of Windows and Linux (command line)

Preferred Skills:
• Understanding of network traffic tools, techniques and analysis
• Understanding of host forensics tools, techniques and analysis
• Understanding of IDS & IPS technologies, both signature and behavior based
• Understanding of malware reverse engineering tools, techniques and analysis
• 2+ years of experience with live forensics tools
• Versed in various controls frameworks
• Fundamental understanding of IT and OT network communication protocols
• SANS Certifications, ideally GCIH, GCIA, GCFE, GREM, GCFA, GRID, GPEN, GWAPT
• Experience with industrial control systems and threats specific to their operational environment
• Understanding of tools and technologies used for industrial control systems and enterprise security
• Experience developing network detection signatures
• Assessing vulnerabilities, synthesizing complex concepts into understandable narratives, and preparing reports for consumption by others to respond to changing events