The Security Analyst is a hands-on technical lead who performs cybersecurity functions, especially investigating cybersecurity alerts, incident response, and threat hunting in our Operational Technology (OT) systems and environments. These include Industrial Control Systems (ICS) in Electric Transmission and Distribution, Gas, Power Operations, and Nuclear, together with their associated networks and communications. Utilizes information security technologies such as antivirus, IDS/IPS, SIEM, threat detection, configuration management, vulnerability management, as well as security policies and procedures, and incident response. Provides technical expertise and support to clients, IT management and staff in cybersecurity threat and risk assessments and in the development, testing, implementation and operation of appropriate information security plans, procedures, and control techniques designed to prevent, minimize or quickly recover from cyber-attacks or other serious events.
Utilizes information security technologies.
Provides technical expertise in threat/risk assessments.
Defines, designs, and implements strategies to protect against emerging threats using security tools.
Responds to security incidents.
Performs threat hunting function to discover potential cybersecurity events.
Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering or a related discipline and a minimum of 4 years of experience in Information Security or a related field.
In lieu of a degree, a minimum of 8 years of experience in an information security role.
Hands-on technical lead performing cyber security functions and maintaining systems, while providing technical guidance to the team.
Has experience with cyber investigations and/or threat hunting.
Utilizes information security technologies such as antivirus, IDS/IPS, SIEM, threat detection, configuration management, vulnerability management, as well as security policies and procedures, and incident response.
Incident response and threat analysis experience, including SIEM technology. Proficient in defining processes and procedures for incident response.
Technical experience includes information, data, network and computer security design, administration and/or assessment.
Broad knowledge of information systems including Windows and Linux OS security, network security, systems development, communication networks, security software/hardware and operating systems.
Experience with key information security technologies such as SIEM, firewalls, intrusion detection/prevention systems, vulnerability assessment, anti-malware, and security event analysis in OT environments.
Nice to Have:
CompTIA Security+ or equivalent.
(ISC)2 Certified Information Systems Security Professional (CISSP), SANS Global Industrial Cyber Security Professional (GICSP), or equivalent.
Experience with the implementation of NIST Cyber Security Framework (CSF), North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54).
Experience with IT/OT technologies and the utility industry is preferred, along with an awareness of utility-specific security threats.
Security certifications in incident response, cyber investigation, forensics, or threat hunting.
Experience with cloud computing and the ability to implement strong security controls to protect a cloud-first environment.