SANS ISC InfoSec Jobs: Senior ICS Security Operations Analyst, Reston, VA
Senior ICS Security Operations Analyst
Company: Bechtel
Location: Reston, VA
Travel: 0%
Salary: Not provided
Contact Name: Mandy Vitto
Contact Email: mlvitto/at/
Expires: 2018-10-02

Job Description

Like hard problems? Got skillz? Bechtel is building a bleeding edge computer incident response capability in industrial control systems (ICS) for our global enterprise, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking a Senior ICS Security Operations Analyst who has expertise in coding, malware analysis, network security monitoring and incident response.

The ideal candidate will have an open mind, bring a fresh perspective to the team and be passionate about cyber security, defending and supporting our missions.

As a Senior ICS Security Operations Analyst, you will assist the team responsible for researching, developing, and implementing defenses for existing plants and affecting future design decisions to enable security in our one-of-a-kind ICS Cyber Laboratory. You will also work with a world-class team to defend Bechtel’s projects using enterprise forensics systems, log analysis systems, and network collection systems to facilitate response to incidents on a global scale. You will work with industry respected malware, network and Incident Response analysts to coordinate a best in class response to computer related incidents, getting a first-hand perspective of adversaries and their tactics.

Must be a US Citizen

Why Bechtel?

• Unparalleled mission

• Use of bleeding edge tools and analysis techniques

• Opportunity to work with some of the best-in-the-industry Incident Response personnel

• Great learning environment. Continued learning is encouraged and supported

• Open research and conference presentations are encouraged

• Too many reasons to list here...

Basic Qualifications:

• 5+ years of experience in a security or incident operations role

• 2+ years of experience with live forensics tools such as EnCase Enterprise, Mandiant Response Tools, Google Rapid Response, or FTK Imager

• Bachelor's degree in Information Technology or 8 years of experience

• Must be a United States citizen

Required Skills:

• Strong analytical, documentation and communication skills

• Experience with SIEM (Security Information and Event Management) tools such as ArcSight or Splunk

• Understanding of network traffic tools, techniques and analysis

• Understanding of host forensics tools, techniques and analysis

• Understanding of malware reverse engineering tools, techniques and analysis

• Understanding of IDS & IPS technologies, both signature and behavior based

• Experience with Windows event log analysis

• Excellent written and oral communication skills

• Scripting/coding experience in a scripting or programming language (Python, C, JavaScript, etc.)

• Experience creating and applying Regular Expressions

• Knowledge of Host Forensics, Malware Reverse Engineering, or Network Forensics

• Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)

• Versed in various controls frameworks, including: IEC62443, NERC CIP, NIST

• Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)

• Knowledge of Windows and Linux (command line)

Preferred Skills:

• Minimum of three years in industrial control systems or Operational Technology (OT)

• SANS Certifications, ideally GCIH, GCIA, GCFE, GREM, GCFA, GRID, GPEN, GWAPT

• Possess in-depth domain expertise working with industrial control systems in a relevant industry such as Electric Power, Oil & Gas, Chemical, Transportation, Water/Wastewater, or Manufacturing

• Experience with industrial control systems and threats specific to their operational environment

• Expert level knowledge of tools and technologies used for industrial control systems and enterprise security

• Experience developing YARA, Snort or Bro signatures

• Versed in various controls frameworks, including: IEC62443, NERC CIP, NIST

• Experience testing ICS vulnerabilities

• Assessing vulnerabilities, synthesizing complex concepts into understandable narratives, and preparing reports for consumption by others to respond to changing events