Description
Perform the Cyber Security Monitoring process for real-time electric SCADA/ICS IT environments, analyze and investigate events, maintain required compliance evidence, and escalate potential security incidents for response.

Responsibilities:
- Complete daily Cyber Security Monitoring and Incident Response activities including but not limited to: log review, alert response and analysis, coordination with SCADA teams and users, filter modifications, event escalation and follow-up, management report scheduling & running, compliance evidence generation, and vulnerability management activities
- Generate evidence, reports and support compliance activities associated with security monitoring and log management/review
- Develop, tune, and maintain tools to automate analysis capabilities for network-based, host-based and log-based security event analysis. Create signatures, rule sets, and content analysis definitions from various intelligence sources for a variety of security detection capabilities
- Organize and maintain documentation of detection capabilities, alert definitions, policy configurations, and tool rule sets
- Maintain adherence to Corporate Security Operations standards, policies & procedures
- Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies
- Support efforts to analyze & define security filters & rules for a variety of security parameters
Minimum Qualifications:
- Bachelor's Degree in Computer Science or a related 4-year technical degree (or a minimum 4 years of IT experience)
- Minimum 3 years of IT Security experience, to include applied monitoring and incident response experience
- Minimum 3 years of SCADA/Industrial Control Systems (ICS) platform support experience (and/or monitoring of SCADA/ICS environments)
- Core Technical: Intrusion Detection, Netflow Analysis, Log Analysis, Rule/Signature/Content Development, Programming or Scripting experience required.
- Must exhibit understanding and application of the principles of Network Security Monitoring (NSM).
- Ability to analyze log data, netflow data, alert data, network traffic and other data sources to validate security events.
- Ability to create signatures and detection content in IDS, SIEM and Log analysis platforms.
- Ability to consume, comprehend, utilize and create indicators of compromise.
- Ability to tune detection tools for accuracy.
- Execute on intelligence-driven detection capabilities.
- Perform daily analysis of detection reports and alerts.
- Maintain tools, scripts and applications for detection and automation capabilities.
- Identify opportunities for capability and efficiency improvements.
- Ability to conduct network and host analysis of compromised and baseline systems to identify anomalies.
- Exhibit understanding of the tactics, techniques and procedures (TTPs) of malicious actors such as hacktivist groups, cybercrime organizations and advanced persistent threats.
- Identify and report on detection trends.
- Comprehensive knowledge of common networking protocols: HTTP, DNS, DHCP, SMTP, NTP, SSH, FTP.
- Platforms: Prior experience using Industrial Defender, ArcSight and/or Splunk for security event management.
- General Info Security: Intelligence-Driven Detection, Security Principles, Threat Lifecycle Management, Incident Management & Lifecycle, Platform Analysis, NSM, DFIR
- SCADA/ICS: Power/Gas utility SCADA platform deployment and support
- Process Management: Overall Process Design & SOC Threat Management, Teamwork, Collaboration and independent contributions
- Information security certifications (monitoring, incident response)