This job posting is archived and is no longer available.

Cyber Security Analyst

Posted by Synectics

Skills sought: Network, Support

Project description

Perform the Cyber Security Monitoring process for Real Time electric SCADA/ICS IT environments, analyze and investigate events, maintain required compliance evidence, and escalate potential security incidents for response.

RESPONSIBILITIES:
Complete daily Cyber Security Monitoring and Incident Response activities including but not limited to: log review, alert response and analysis, coordination with SCADA teams and users, filter modifications, event escalation and follow-up, management report scheduling, looking for anomalies and following up on alerts.
Develop, tune, and maintain tools to automate analysis capabilities for network-based, host-based and log-based security event analysis. Create signatures, rule sets, and content analysis definitions from various intelligence sources for a variety of security detection capabilities.
Organize and maintain documentation of detection capabilities, alert definitions, policy configurations, and tool rule sets
Maintain adherence to Corporate Security Operations standards, policies & procedures
Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies
Support efforts to analyze & define security filters & rules for a variety of security parameters

SKILLS:

MINIMUM:
Bachelor's Degree in Computer Science or a related 4-year technical degree (or a minimum 4 years of IT experience)
Minimum 3 years of IT Security experience, to include applied monitoring and incident response experience
Minimum 3 years of SCADA/Industrial Control Systems (ICS) platform support experience (and/or monitoring of SCADA/ICS environments)
Core Technical: Intrusion Detection, Netflow Analysis, Log Analysis, Rule/Signature/Content Development, Programming or Scripting experience required.
Must exhibit understanding and application of the principles of Network Security Monitoring (NSM).
Ability to analyze log data, netflow data, alert data, network traffic and other data sources to validate security events.
Ability to create signatures and detection content in IDS, SIEM and Log analysis platforms.
Ability to consume, comprehend, utilize and create indicators of compromise.
Ability to tune detection tools for accuracy.
Execute on intelligence-driven detection capabilities.
Perform daily analysis of detection reports and alerts.
Maintain tools, scripts and applications for detection and automation capabilities.
Identify opportunities for capability and efficiency improvements.
Ability to conduct network and host analysis of compromised and baseline systems to identify anomalies.
Exhibit understanding of tools, tactics and procedures (TTP) of malicious actors such as hacktivist groups, cybercrime organizations and advanced persistent threats.
Identify and report on detection trends.
Comprehensive knowledge of common networking protocols: HTTP, DNS, DHCP, SMTP, NTP, SSH, FTP.
Platforms: Prior experience using Industrial Defender, ArcSight and/or Splunk for security event management.

PREFERRED:
General Info Security: Intelligence-Driven Detection, Security Principles, Threat Lifecycle Management, Incident Management & Lifecycle, Platform Analysis, NSM, DFIR
SCADA/ICS: Power/Gas utility SCADA platform deployment and support
Process Management: Overall Process Design & SOC Threat Management, Teamwork, Collaboration and independent contributions
Information security certifications (monitoring, incident response)
Industrial Defender/ArcSight or Splunk experience

Project details

  • Contract type: Contract

  • Professional experience: Not specified
