GrammaTech · 3 months ago
ICS Incident Response Analyst
GrammaTech is a provider of software solutions and research, focused on solving complex security problems. They are seeking an Incident Response Analyst to respond to cybersecurity incidents in ICS/OT/IT environments, providing recommendations and participating in forensic analysis.
Cyber Security, Developer Platform, Software
Responsibilities
Respond to cybersecurity incidents for ICS/OT/IT environments and provide recommendations to affected entities to prevent the reoccurrence of these incidents within a variety of critical infrastructure sectors
Apply traditional incident response and threat hunting tradecraft to industrial control system/critical infrastructure environments
Participate in highly technical operations and forensic analysis
Provide industry experience and expertise in sectors such as: Water, Power and Transportation
Work in a team environment to meet the mission requirements for both incident response and threat hunting engagements
Maintain accurate records of incident response activities and findings
Prepare and deliver incident reports to management and stakeholders
Keep current with the latest security trends and news to continually improve hunt and incident response operations
Qualification
Required
Bachelor's degree and 8+ years related technical experience, or Master's degree and minimum of 6 years' experience or PhD and 3 years' experience. 12 years of experience may be substituted in lieu of degree
1-2 years of Threat Hunting or DFIR experience directly supporting Critical Infrastructure (CI) / Industrial Control System (ICS) environments
Python, Bash, PowerShell, and/or JavaScript scripting experience
Experience examining malicious applications on operating systems such as Linux, Mac, Windows, iOS, Android and IoT network devices
Experience conducting security site assessments and scoping
Experience with a variety of the following tools: IDA Pro, OllyDbg, x64dbg, Scyllax64, objdump, readelf, Ghidra, Process Explorer, CFF Explorer, Wireshark, Fiddler, Regshot, Process Monitor, and Process Hacker
Experience with the common open source and commercial tools used in security event analysis and other areas of security operations
Prior experience using a SIEM tool for pattern identification, anomaly detection, and trend analysis
Prior experience analyzing a variety of industrial control system network protocols, including but not limited to: Modbus, ENIP/CIP, BACnet, DNP3
US citizenship with ability to obtain TS/SCI
Able to obtain and maintain a favorably adjudicated DHS background investigation (EOD)
Preferred
Active Top Secret Security Clearance
Benefits
Medical
Dental
Vision
Short- and long-term disability benefits
Life insurance
401(k) plan with company contribution
Paid holiday
PTO
Merit increases
Incentive compensation plans
Company
GrammaTech
GrammaTech's software-development tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government
Funding
Current Stage: Growth Stage
Total Funding: $10M
Key Investors: DARPA, United States Navy
2024-03-11 Grant · $1M
2023-09-05 Acquired
2017-10-02 Grant · $9M
Company data provided by crunchbase