Incident Response Analyst with OT/ICS/SCADA

Currently hiring an experienced Incident Response Analyst with OT/ICS/SCADA experience for its' Federal Strategic Cyber program in Arlington, VA.

(Ideal candidate needs to be amenable to travel, approximately 40%)

In this role, you will:

• Respond to cybersecurity incidents for ICS/OT/IT environments and provide recommendations to affected entities to prevent the reoccurrence of these incidents within a variety of critical infrastructure sectors.
• Apply specific functional knowledge to resolve cybersecurity incidents and perform proactive threat hunts. Develop or contribute to solutions to a variety of problems of moderate scope and complexity.
• Be involved with highly technical operations and forensic analysis and serve as consultants, continuously advising client decision makers.
• Provide industry experience and expertise for one or multiple critical infrastructure sectors/sub-sectors, including but not limited to Water, Power, Critical Manufacturing, and Transportation
• Follow pre-defined procedures to respond to and escalate incidents.
• Provide expertise to define procedures for response to customer cyber security incident in the industrial control system environment.
• Apply traditional incident response and threat hunting tradecraft to industrial control system/critical infrastructure environments—with a deep understanding of the nuance and constraints of industrial environments.
• Seamlessly work alongside a team of host, network, and cloud forensic analysts to meet the mission requirements for both incident response and threat hunting engagements.
• Maintain accurate records of incident response activities and findings.
• Prepare and deliver incident reports to management and stakeholders.
• Need to be comfortable working in a team environment and collaborating to meet mission goals.
• Keep current with latest security trends and news to continually improve hunt and incident response operations.
• Be a Self-starter with strong attention to detail and critical thinking ability.
• Have a strong customer-service orientation with excellent written and oral communication skills.
• The ability to self-teach and self-test new tools and methodologies, and to problem-solve independently.

Requirements

Required Experience:

• Bachelors degree and 5 years of relevant experince. (An additional 4 years will be considered in lieu of degree.)
• 4 years of Threat Hunting or Digital Forensics & Incident Response (DFIR) experience.
• 2 years of Threat Hunting or DFIR experience directly supporting Critical Infrastructure (CI) / Industrial Control System (ICS) environments.
• Experience with security site assessments and scoping—including but not limited to the analysis of network security architecture, baseline ports, protocols, and services, and characterize network assets.
• Scripting in Python, Bash, PowerShell, and/or JavaScript.
• Experience using a SIEM tool for pattern identification, anomaly detection, and trend analysis.
• Experience analyzing a variety of industrial control systems network protocols, including but not limited to: ModBus, ENIP/CIP, BACnet, DNP3, etc..
• Experience with the common open source and commercial tools used in security event analysis, incident response, computer forensics, malware analysis, or other areas of security operations.
• Experience with collection and detection tools, including OSS/COTS host-based and network-based tools.
• U.S. citizenship and an Active Top Secret Security Clearance required.
• In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation for continued employment.
• Desired:
• Certifications: GISCP and either GFCA or GNFA.
• Experience on DoD Cyber Protection Teams, a plus.
• Experience performing digital forensics and analysis on a variety of vendor/OEM equipment—including but not limited to laptop/desktops, PLC’s, HMI’s, Historians, and related SCADA systems.
• Experience with SIEM (Splunk) —threat hunting, analytic development, dashboards, and reporting.
• Familiarity with regulatory standards and frameworks relevant to critical infrastructure (e.g., NIST, IEC 62443).
• Ability to automate simple/repeatable but critical tasks.

Benefits

• Healthcare, Vision, and Dental Insurance
• 20 Days of Paid Time Off
• 11 Observed Federal Holidays
• Military Leave
• 401K Matching
• Training/Certification Reimbursement
• Short term/Long term disability
• Parental/Maternity Leave
• Life Insurance

STEMBoard is committed to hiring and retaining a diverse workforce. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age, or genetic information. Selected applicant will be subject to a background investigation. STEMBoard is an Equal Opportunity/Affirmative Action employer.