IT - Cyber Security Threat Analyst - 9615
- Bachelor's in Computer Science or a related discipline, or equivalent experience
- Certified Information Systems Security Professional (CISSP) certification
- Experience in Information Technology (IT)
- 6 years of extensive experience analyzing network packet capture data using tools such as Wireshark
- Experience performing computer forensics and memory analysis using industry standard and open source tools
Desirable: Prior experience working in a 24x7 security operations center
Keywords and experience to look for in candidates' resumes:
- Prior SIEM experience
- Security information and event management (SIEM) systems, log aggregation and event notification
- Network packet analysis (PCAP analysis)
- Analyzing network packets for malicious or suspicious activity; Wireshark experience, and WCNA (a plus)
- Wireshark is the open source network packet analysis tool; WCNA (Wireshark Certified Network Analyst) is the Wireshark certification.
- Endpoint forensics: ability to perform a full investigation / forensics of an endpoint or end-user machine as the result of a security alert.
- Memory analysis: ability to analyze physical memory collected from a computer using open source or commercial tools.
- Good analytical skills: ability to analyze and think outside the box when working a security event.
- Experience with IBM QRadar is a plus: IBM QRadar is the SIEM PG&E has deployed and is using.
- Good networking knowledge: good knowledge of the TCP/IP protocols and the ability to differentiate the various networking layers.
- Any GIAC certification is a plus: these are SANS (a well-known industry security course provider) certifications such as GMON, GSEC, GCIH, etc.
- Tools (experience with the tools below is a huge plus; at least one of them is required): IBM QRadar SIEM; EnCase (forensic analysis tool); Proofpoint IDS / IPS; Palo Alto firewalls; open source security tools such as Suricata and the SANS SIFT Workstation; open source forensics tools such as Volatility.
- Acts as a subject matter expert in area of field.
- Leads moderately complex to complex projects, which may be cross-functional.
- Analyzes complex malware/exploits through forensics, observation of network traffic and using other tools and resources to determine if systems are vulnerable.
- Leads development of framework for implementing tools and processes to improve quality and timeliness of reports.
- Expert in area of field and applies extensive knowledge of concepts, principles, and practices.
- Codes complex tasks that integrate systems, produce reports or provide output that can be leveraged by other team members or systems.
- Performs proficient forensic analysis using security tools and monitoring systems to discover the source of anomalous security events.
- Assists in performing basic research internally and externally.
- Performs complex system administration tasks (e.g. customization, cross-tool integration) for security tools.
- Develops a strategy to implement work in department.
PLEASE NOTE: Our client manager is looking for good process documentation skills and experience. NERC access is required for this position. No in-person interview is needed.