Responsibilities, authorities and accountabilities
In this role, you will:
* Lead technical aspects of digital security incident detection and response, focusing on very unstructured incidents and high-risk events.
* Specialize in network-centric analysis (NSM), host-centric analysis (live response, digital forensics), malware analysis, and/or log-centric analysis (SIEM).
* Perform daily response operations on a schedule that may involve nontraditional working hours, and act as an escalation point for event triage analysts.
* Mentor and train event analysts as required.
* The best candidates for the role work well with other people and have strong verbal and written communication skills, a sense of diplomacy, and the decision-making skills to handle the often fast-paced role of an incident handler.
Required qualifications
* Bachelor's degree in computer science or a "STEM" major (science, technology, engineering and math). A minimum of 4 years of professional experience in a STEM-related field, political science, government, or international affairs.
Desired characteristics
Technical expertise:
* Strong verbal and written communication skills
* Detailed understanding of APT, cyber crime and other associated tactics
* Strong track record of understanding and interest in recognized IT and OT security-related standards and technologies, demonstrated through training, job experience and/or industry involvement
* Knowledge of and/or experience working on Baker Hughes OT products
* Professional experience with cyber security, operations security, product security, industrial control systems (ICS), information assurance, and information technology
* Experience with host-based detection and prevention suites (Microsoft Defender, OSSEC, YARA, MIR, Carbon Black, Tanium, etc.)
* Experience with host-centric tools for forensic collection and analysis (Microsoft Defender, The Sleuth Kit, Volatility Framework, FTK, EnCase, etc.)
* Experience with network forensics and/or network security monitoring (NSM) tools (Snort, Bro-IDS, pcap, tcpdump, etc.) and analysis techniques (alert, flow/session and pcap analysis)
* Experience with malware and reverse engineering (dynamic and static analysis)
* Strong IT infrastructure background, including familiarity with the following:
  * Networking (TCP/IP, UDP, routing)
  * Applications (HTTP, SMTP, DNS, FTP, SSH, etc.)
  * Encryption (DES, AES, RSA) and hashing algorithms (MD5, SHA-1, etc.)
  * System/application vulnerabilities and exploitation
  * Operating systems (Windows, *nix, and Mac)
* Cloud technology (SaaS, IaaS, PaaS) and associated digital forensics and incident response techniques
* CISSP, CISM or related SANS certifications preferred
* Active US government security clearance
* Working knowledge of secure communication methods, including Secure Shell, S/MIME and PGP/GPG