
SANS ISC: InfoSec Jobs - Senior ICS Security Operations Analyst Reston, VA GREM, GRID, GCFA, GCIA, GCIH InfoSec Jobs


This listing has expired and therefore is not publicly viewable.

Senior ICS Security Operations Analyst
Company Bechtel
Location Reston, VA
Preferred GIAC Certifications GREM, GRID, GCFA, GCIA, GCIH
Travel 5%
Salary Not provided
Contact Name Andrew Hunt
Contact Email ahunt/at/
Expires 2018-08-14

Job Description

Senior ICS Security Operations Analyst

Requisition ID: 208782

Like hard problems? Got skillz? Bechtel is building a bleeding edge computer incident response capability in industrial control systems (ICS) for our global enterprise, and you can be a critical part of this creative, fast-paced, and exciting team. We are seeking a Senior ICS Security Operations Analyst who has expertise in coding, malware analysis, network security monitoring and incident response.

The ideal candidate will have an open mind, bring a fresh perspective to the team and be passionate about cyber security, defending and supporting our missions.

As a Senior ICS Security Operations Analyst, you will assist the team responsible for researching, developing, and implementing defenses for existing plants and affecting future design decisions to enable security in our one-of-a-kind ICS Cyber Laboratory. You will also work with a world-class team to defend Bechtel’s projects using enterprise forensics systems, log analysis systems, and network collection systems to facilitate response to incidents on a global scale. You will work with industry-respected malware, network, and incident response analysts to coordinate a best-in-class response to computer-related incidents, getting a first-hand perspective of adversaries and their tactics.

Must be a US Citizen

Why Bechtel?

• Unparalleled mission

• Use of bleeding-edge tools and analysis techniques

• Opportunity to work with some of the best-in-the-industry Incident Response personnel

• Great learning environment. Continued learning is encouraged and supported

• Open research and conference presentations are encouraged

• Too many reasons to list here...

Basic Qualifications:

• 5+ years of experience in a security or incident operations role

• 2+ years of experience with live forensics tools such as EnCase Enterprise, Mandiant Response Tools, Google Rapid Response, or FTK Imager

• Bachelor's degree in Information Technology or 8 years of experience

• Must be a United States citizen

Required Skills:

• Strong analytical, documentation and communication skills

• Experience with SIEM (Security Information Event Management) tools such as ArcSight or Splunk

• Understanding of network traffic tools, techniques and analysis

• Understanding of host forensics tools, techniques and analysis

• Understanding of malware reverse engineering tools, techniques and analysis

• Understanding of IDS & IPS technologies, both signature and behavior based

• Experience with Windows event log analysis

• Excellent written and oral communication skills

• Scripting/coding experience in a scripting or programming language (Python, C, JavaScript, etc.)

• Experience creating and applying Regular Expressions

• Knowledge of Host Forensics, Malware Reverse Engineering, or Network Forensics

• Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)

• Versed in various controls frameworks, including: IEC62443, NERC CIP, NIST

• Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)

• Knowledge of Windows and Linux (command line)

Preferred Skills:

• Minimum of three years in industrial control systems or Operational Technology (OT)

• SANS Certifications, ideally GCIH, GCIA, GCFE, GREM, GCFA, GRID, GPEN, GWAPT

• Possess in-depth domain expertise working with industrial control systems in a relevant industry such as Electric Power, Oil & Gas, Chemical, Transportation, Water/Wastewater, or Manufacturing

• Experience with industrial control systems and threats specific to their operational environment

• Expert level knowledge of tools and technologies used for industrial control systems and enterprise security

• Experience developing YARA, Snort or Bro signatures

• Versed in various controls frameworks, including: IEC62443, NERC CIP, NIST

• Experience testing ICS vulnerabilities

• Assessing vulnerabilities, synthesizing complex concepts into understandable narratives, and preparing reports for consumption by others to respond to changing events

Shaping tomorrow together

Bechtel is among the most respected engineering, project management, and construction companies in the world. We stand apart for our ability to get the job done right—no matter how big, how complex, or how remote. Bechtel operates through four global business units that specialize in infrastructure; mining and metals; nuclear, security and environmental; and oil, gas, and chemicals. Since its founding in 1898, Bechtel has worked on more than 25,000 projects in 160 countries on all seven continents. Today, our 53,000 colleagues team with customers, partners, and suppliers on diverse projects in nearly 40 countries.

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.