JobHire
face icon
Register to automatically apply for this and similar jobs
Register
star

Incident Response Analyst with OT/ICS/SCADA

STEMBoard

Arlington, virginia

Job Details

Not Specified

Full Job Description

Currently hiring an experienced Incident Response Analyst with OT/ICS/SCADA experience for its' Federal Strategic Cyber program in Arlington, VA. 

(Ideal candidate needs to be amenable to travel, approximately 40%)

In this role, you will:

    • Respond to cybersecurity incidents for ICS/OT/IT environments and provide recommendations to affected entities to prevent the reoccurrence of these incidents within a variety of critical infrastructure sectors.
    • Apply specific functional knowledge to resolve cybersecurity incidents and perform proactive threat hunts. Develop or contribute to solutions to a variety of problems of moderate scope and complexity. 
    • Be involved with highly technical operations and forensic analysis and serve as consultants, continuously advising client decision makers.
    • Provide industry experience and expertise for one or multiple critical infrastructure sectors/sub-sectors, including but not limited to Water, Power, Critical Manufacturing, and Transportation
    • Follow pre-defined procedures to respond to and escalate incidents.
    • Provide expertise to define procedures for response to customer cyber security incident in the industrial control system environment.
    • Apply traditional incident response and threat hunting tradecraft to industrial control system/critical infrastructure environments—with a deep understanding of the nuance and constraints of industrial environments.
    • Seamlessly work alongside a team of host, network, and cloud forensic analysts to meet the mission requirements for both incident response and threat hunting engagements.
    • Maintain accurate records of incident response activities and findings.
    • Prepare and deliver incident reports to management and stakeholders.
    • Need to be comfortable working in a team environment and collaborating to meet mission goals.
    • Keep current with latest security trends and news to continually improve hunt and incident response operations.
    • Be a Self-starter with strong attention to detail and critical thinking ability.
    • Have a strong customer-service orientation with excellent written and oral communication skills.
    • The ability to self-teach and self-test new tools and methodologies, and to problem-solve independently.

Requirements

Required Experience: 

    • Bachelors degree and 5 years of relevant experince. (An additional 4 years will be considered in lieu of degree.) 
    • 4 years of Threat Hunting or Digital Forensics & Incident Response (DFIR) experience.
    • 2 years of Threat Hunting or DFIR experience directly supporting Critical Infrastructure (CI) / Industrial Control System (ICS) environments.
    • Experience with security site assessments and scoping—including but not limited to the analysis of network security architecture, baseline ports, protocols, and services, and characterize network assets.
    • Scripting in Python, Bash, PowerShell, and/or JavaScript.
    • Experience using a SIEM tool for pattern identification, anomaly detection, and trend analysis.
    • Experience analyzing a variety of industrial control systems network protocols, including but not limited to: ModBus, ENIP/CIP, BACnet, DNP3, etc..
    • Experience with the common open source and commercial tools used in security event analysis, incident response, computer forensics, malware analysis, or other areas of security operations.
    • Experience with collection and detection tools, including OSS/COTS host-based and network-based tools.
    • U.S. citizenship and an Active Top Secret Security Clearance required.
      • In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation for continued employment.
  • Desired: 
    • Certifications: GISCP and either GFCA or GNFA.
    • Experience on DoD Cyber Protection Teams, a plus.
    • Experience performing digital forensics and analysis on a variety of vendor/OEM equipment—including but not limited to laptop/desktops, PLC’s, HMI’s, Historians, and related SCADA systems.
    • Experience with SIEM (Splunk) —threat hunting, analytic development, dashboards, and reporting.
    • Familiarity with regulatory standards and frameworks relevant to critical infrastructure (e.g., NIST, IEC 62443).
    • Ability to automate simple/repeatable but critical tasks.

Benefits

  • Healthcare, Vision, and Dental Insurance
  • 20 Days of Paid Time Off
  • 11 Observed Federal Holidays
  • Military Leave
  • 401K Matching
  • Training/Certification Reimbursement
  • Short term/Long term disability
  • Parental/Maternity Leave
  • Life Insurance

STEMBoard is committed to hiring and retaining a diverse workforce. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age, or genetic information. Selected applicant will be subject to a background investigation. STEMBoard is an Equal Opportunity/Affirmative Action employer.

Get 10x more interviews and get hired faster.

JobHire.AI is the first-ever AI-powered job search automation platformthat finds and applies to relevant job openings until you're hired.

Registration