Incident Response Analyst with OT/ICS/SCADA
Arlington, Virginia, United States
Full Time Entry-level / Junior Clearance required USD 86K - 138K *
STEMBoard
STEMBoard is an award-winning woman-owned small business specializing in professional advisory services for elite organizations.Currently hiring an experienced Incident Response Analyst with OT/ICS/SCADA experience for its' Federal Strategic Cyber program in Arlington, VA.
(Ideal candidate needs to be amenable to travel, approximately 40%)
In this role, you will:
- Respond to cybersecurity incidents for ICS/OT/IT environments and provide recommendations to affected entities to prevent the reoccurrence of these incidents within a variety of critical infrastructure sectors.
- Apply specific functional knowledge to resolve cybersecurity incidents and perform proactive threat hunts. Develop or contribute to solutions to a variety of problems of moderate scope and complexity.
- Be involved with highly technical operations and forensic analysis and serve as consultants, continuously advising client decision makers.
- Provide industry experience and expertise for one or multiple critical infrastructure sectors/sub-sectors, including but not limited to Water, Power, Critical Manufacturing, and Transportation
- Follow pre-defined procedures to respond to and escalate incidents.
- Provide expertise to define procedures for response to customer cyber security incident in the industrial control system environment.
- Apply traditional incident response and threat hunting tradecraft to industrial control system/critical infrastructure environments—with a deep understanding of the nuance and constraints of industrial environments.
- Seamlessly work alongside a team of host, network, and cloud forensic analysts to meet the mission requirements for both incident response and threat hunting engagements.
- Maintain accurate records of incident response activities and findings.
- Prepare and deliver incident reports to management and stakeholders.
- Need to be comfortable working in a team environment and collaborating to meet mission goals.
- Keep current with latest security trends and news to continually improve hunt and incident response operations.
- Be a Self-starter with strong attention to detail and critical thinking ability.
- Have a strong customer-service orientation with excellent written and oral communication skills.
- The ability to self-teach and self-test new tools and methodologies, and to problem-solve independently.
Requirements
Required Experience:
- Bachelors degree and 5 years of relevant experince. (An additional 4 years will be considered in lieu of degree.)
- 4 years of Threat Hunting or Digital Forensics & Incident Response (DFIR) experience.
- 2 years of Threat Hunting or DFIR experience directly supporting Critical Infrastructure (CI) / Industrial Control System (ICS) environments.
- Experience with security site assessments and scoping—including but not limited to the analysis of network security architecture, baseline ports, protocols, and services, and characterize network assets.
- Scripting in Python, Bash, PowerShell, and/or JavaScript.
- Experience using a SIEM tool for pattern identification, anomaly detection, and trend analysis.
- Experience analyzing a variety of industrial control systems network protocols, including but not limited to: ModBus, ENIP/CIP, BACnet, DNP3, etc..
- Experience with the common open source and commercial tools used in security event analysis, incident response, computer forensics, malware analysis, or other areas of security operations.
- Experience with collection and detection tools, including OSS/COTS host-based and network-based tools.
- U.S. citizenship and an Active Top Secret Security Clearance required.
- In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation for continued employment.
- Desired:
- Certifications: GISCP and either GFCA or GNFA.
- Experience on DoD Cyber Protection Teams, a plus.
- Experience performing digital forensics and analysis on a variety of vendor/OEM equipment—including but not limited to laptop/desktops, PLC’s, HMI’s, Historians, and related SCADA systems.
- Experience with SIEM (Splunk) —threat hunting, analytic development, dashboards, and reporting.
- Familiarity with regulatory standards and frameworks relevant to critical infrastructure (e.g., NIST, IEC 62443).
- Ability to automate simple/repeatable but critical tasks.
Benefits
- Healthcare, Vision, and Dental Insurance
- 20 Days of Paid Time Off
- 11 Observed Federal Holidays
- Military Leave
- 401K Matching
- Training/Certification Reimbursement
- Short term/Long term disability
- Parental/Maternity Leave
- Life Insurance
STEMBoard is committed to hiring and retaining a diverse workforce. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age, or genetic information. Selected applicant will be subject to a background investigation. STEMBoard is an Equal Opportunity/Affirmative Action employer.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Bash Clearance Clearance Required Cloud DFIR DNP3 DoD Forensics GNFA ICS IEC 62443 Incident response Industrial JavaScript Malware Modbus Network security NIST Open Source PowerShell Python SCADA Scripting Security Clearance SIEM Splunk Top Secret
Perks/benefits: Gear Insurance Parental leave
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Analyst jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs