May 6, 2025
Electric Energy Jobs

Cyber Security Analyst

Organization:
SRP
Region:
Canada, Arizona, Tempe
End of contest:
September 1, 2024
  This job posting has expired
Type:
Full time
Category:
Information technology (IT)
Description
Requisition ID: 17327

Summary

The Cyber Security Analyst will work in SRP's Security Operations Center (SOC), which is responsible for the detection, response, and remediation of cyber security events across the enterprise. The Analyst will respond to security events, participate in incident response activities, and support the tools used by the SOC team. This role will focus on SRP's Operational Technology environments and on ensuring that adequate monitoring and security controls are deployed to support detection and response objectives. Applicants should have excellent analytical, communication, and problem-solving skills.

What You'll Do

  • Identify, triage, and respond to cyber security events in SRP's operational technology (OT) environments
  • Analyze data from multiple sources and tools to discover anomalous and adversarial behavior
  • Maintain awareness of current threat landscape utilizing threat intelligence from government and industry partners, as well as information security community resources
  • Develop alerts, reports, and dashboards within the SIEM to facilitate detection and triage
  • Create playbooks and procedures to support detection and response scenarios
  • Advise and support implementation of security controls and new defensive capabilities
  • Provide technical and NERC/CIP compliance support for OT monitoring systems
  • Develop a thorough understanding of the relationship between IT/OT environments, the business value of OT systems, and potential attack vectors in OT environments
  • Interface with OT technology/security support staff on other teams, foster relationships, and develop processes for monitoring and response
  • Participate in department on-call rotation to respond to after-hours events

What It Takes To Succeed

Ideal candidates should have 2+ years of experience in an Operational Technology focused role, Security Operations Center role, or cyber security incident response role, or 3 to 5 years of Information Technology and/or InfoSec experience.

The applicant should have a moderate to strong understanding of two or more of the areas listed below and have at least basic knowledge across most areas.

  • SIEM technologies (Splunk experience a plus)
  • Knowledge of common OT/ICS communication protocols and control systems used in electric generation, transmission, and distribution environments
  • Windows and Linux architectures, administration, and hardening
  • Thorough understanding of the TCP/IP network stack, including common protocols and network topologies
  • Network traffic analysis and packet capture tools (Wireshark, Bro/Zeek, etc.)
  • IDS/IPS technologies
  • Enterprise antimalware/Endpoint Detection & Response (EDR) platforms
  • Microsoft Azure/M365 architectures and security features
  • Incident response and forensic analysis tools and procedures
  • Vulnerability management and mitigation concepts
  • Programming or scripting experience (PowerShell, Python, etc.)

Industry security certifications are beneficial but not required. Examples of relevant certifications include CISSP, SANS/GIAC (GSEC, GICSP, GRID, GCIP, GMON, GCIA, GCFA, etc.), Security+, and CCNA/CCNP Security.

Contact

SRP
Arizona United States

www.srpnet.com