Job Description
The OT Cyber Security Analyst is responsible for monitoring cyber security solutions in support of manufacturing operations, detecting and analyzing potentially compromised systems, performing root cause analysis, and supporting remediation efforts. The successful candidate has good technical knowledge of IT cyber security, experience with SIEM solutions, hands-on experience with the Incident Response process, awareness of the latest threats in the industry, and an interest in becoming an expert in OT security. The role leverages technical knowledge in multiple disciplines within Infrastructure and Information Security, such as threat assessment, threat hunting and Incident Response. The applicant will be responsible for researching the potential impact to the organization and communicating the risks. The OT Cyber Security Analyst will cooperate closely with the various Cyber Fusion Center teams and with operational staff at manufacturing sites.
Day to Day:
1) Triage events from our new Claroty deployment and determine which response team(s) need to be involved, either for awareness or for remediation.
2) Work with us, Claroty and our Manufacturing area to tune the events coming from Claroty so that the most important and useful events are routed to the interested parties (e.g. SOC, Manufacturing IT, Vulnerability Mgmt team, etc.)
3) Work with our SOC and Manufacturing IT team to put together a process for OT Incident and Event support, and make recommendations on how this service should move forward after this engagement.
4) Help troubleshoot or oversee infrastructure or deployment issues with Claroty (should be minimal)
Required Skills & Experience
-At least 3-5 years of experience in cyber security roles, with a focus on or interest in Operational Technology (OT), and experience working with a SOC.
-Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)
-Understanding of IT and OT network communication protocols (including TCP/IP, UDP, DNP3, Modbus, OPC) and the ability to perform packet analysis
-Understanding of threats, vulnerabilities, and exploits in ICS environments and appropriate mitigation techniques
-Experience with OT cyber security solutions (e.g. Dragos, Claroty, Nozomi, Indegy, etc.)
-Experience with security technologies and their telemetry, such as firewall logs, IDS/IPS, endpoint security solutions, proxies and other related security technologies
-Experience working in security operations environments, including experience with key security operations technologies such as SIEM and log aggregation (e.g. ArcSight, Splunk ES, IBM QRadar, etc.)
-Experience with cyber security engineering, security operations, computer network operations, information operations, information warfare, or related cyber topics
-Experience with Incident Response (IR), Cyber Threat Intelligence (CTI) and Threat Defense Operation (TDO) functions; understanding of the NIST Incident Response framework
Nice to Have Skills & Experience
-Security certifications for Operational Technology (e.g. GICSP, GRID, GCIP)
-Other certifications: Security+, GCIA, GCIH, OSCP, CEH
-Experience with Digital Forensics
-Experience creating Indicators of Compromise from technical sources and/or experience with Snort, YARA, or other detection technologies
-In-depth understanding of operating systems, network/system architecture, and IT architecture design
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.