IR / SOC Analyst - Oshkosh Corp United States Bookmark Share Print 704 1 2

Listing Description

Oshkosh Corporation owns significant assets in the form of information. Some of these assets lose substantial value if they are improperly disclosed, and similar disclosure of other assets could result in significant harm to the organization. This role will support the Global Information Security (InfoSec) Office Mission by working with the business as a trusted advisor to reduce information security risk to acceptable levels. Specifically. by acting as the organization’s mechanism to appropriately identify, select, maintain, and improve security controls by using risk based approach.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

·         Participate in the Security Incident Response Team (SIRT). Help SIRT to employ strategy, standards, processes and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence or re-occurrence by using risk-based triage.

·         Serve as a security resource in network or application design, operating systems, endpoint protection, mobile devices, and foundational InfoSec technical controls. Maintain and roadmap InfoSec hosted systems (e.g. SIEM, DLP) and drive continuous improvements.

·         Work with other functional area analysts ensuring InfoSec solutions are in place throughout all IT systems to mitigate identified risks sufficiently, while meeting business objectives and regulatory requirements. Help project teams comply with InfoSec policies, industry regulations, and best practices.

·         Ensure that business and technical requirements are aligned to policy and are implemented within regulatory and contractual compliance. Advocate for cyber risk mitigation during planning sessions and implementation of new services.

·         Maintain awareness of all aspects of information security and compliance, including PCI, SOX, and HIPAA requirements for information systems and industry best practices; such as, NIST 800-53, 800-171.

·         Participate in, as required, forensic investigations/analysis, including collaboration with governmental agencies, as needed.

MINIMUM QUALIFICATIONS:

·         Bachelor’s degree in Information Systems or equivalent.

·         Two (2) or more years of Information Security experience.

·         Experience with Network protocols (TCP/IP), network apps and services, sniffers, DLP, and understanding network security issues.

·         Experience with Host/System security issues including identifying, analyzing and mitigating security vulnerabilities and weaknesses (malicious code, implementation flaws, hardening, etc.).

·         Familiarity with identifying intruder techniques (new vulnerability, attack vectors, exploits, etc.).

·         Familiarity with Intrusion Detection/Prevention Systems, SIEM, and other InfoSec systems.

PREFERRED QUALIFICATIONS: 

·         Relevant industry recognized certifications (CISSP, CEH, GIAC, Security+, etc.)