Job ID: (9127)
Title: IT- Cyber Security Threat Analyst/Specialist – Senior
Location: Concord, CA
Duration: 4 month contract.
Major Areas of Responsibility/Tasks • Perform hunting for malicious activity across the network and digital assets • Respond to computer security incidents and conduct threat analysis as directed • Identify and act on malicious or anomalous activity • Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network • Perform initial investigation and triage for potential security incidents • Provide accurate and priority driven analysis on cyber activity/threats • Perform payload analysis of packets • Detonate malware to assist with threat research • Provides input to assist with implementation of counter-measures or mitigating controls • Ensures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment • Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity • Resolve or coordinate the resolution of cyber security events • Monitor incoming event queues for potential security incidents • Create, manage, and dispatch incident tickets • Monitor external event sources for security intelligence and actionable incidents • Maintain incident logs with relevant activity • Document investigation results, ensuring relevant details are passed to senior analysts and stakeholders • Participate in root cause analysis or lessons learned sessions • Write technical articles for knowledge sharing • Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the Information Technology organization, as well as business units
This is a challenging and fast passed position in PG&E's Security Intelligence and Operations Center (SIOC) which is responsible for detecting, analyzing and responding to any suspicious cyber security activity across PG&E's business and operational networks. The SOC is a critical team within PG&E's broader Information Security team which is led by PG&E's Vice President - Chief Information Security Officer. Education Required: • Formal education or training in Computer Science, Network and Security, or a related field under way or completed; or equivalent experience in IT Security related roles Training, Licenses or Certifications Required: • Formal IT Security/Network Certification such as Chappell Univ's WCNA, CompTIA Security +, Cisco CCNA, SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Continuous Monitoring (GMON) certification, or related certification/degree Prior Experience Required: • 3 years of Information Technology experience, with at least 2 years of experience in information security working within security operations, security intelligence or equivalent functions Desired: • Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) experience • Utility Industry experience Knowledge, Skills, and Abilities/ Technical Competencies Required: • Working knowledge of log, network, and system forensic investigation techniques • Working knowledge of diverse operating systems, networking protocols, and systems administration • Working knowledge of commercial forensic tools • Working knowledge of common indicators of compromise and of methods for detecting these incidents • Substantial knowledge of IT core infrastructure and cyber security components/devices • Working knowledge of TCP/IP Networking and knowledge of the OSI model • Working knowledge of OS management and Network Devices • Working knowledge of Intrusion Detection/Prevention Systems • Working knowledge of Antivirus Systems • Experience monitoring threats via a SIEM console • Experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs • Excellent problem solving, critical thinking, and analytical skills - ability to de-construct problems • Strong customer service skills and decision-making skills • Experience with packet analysis (Wireshark) and Malware analysis preferred • Working knowledge of PG&E infrastructure preferred • IBM QRadar and Dell SecureWorks experience preferred • Candidate must have familiarity with regulatory requirements, such as NERC/CIP, NIST SP 800, SOX, etc. Desired: • Experience with scripting in Perl/Python/Ruby • Experience with both desktop-based and server-based forensics • Reverse engineering skills Personal Attributes • Strong sense of professionalism and ethics. • Acts with integrity and communicates honestly and openly • Ability to build rapport and cooperation among teams and internal stakeholders • Respects others and demonstrates fair treatment to all • Methodical and detail oriented • Self-motivated • Actively seeks to enhance the group through the sharing of knowledge
Saurabh Singh| Trainee Recruitment Executive