Listing Description
The ideal candidates will have an open mind, bring a fresh perspective to the SOC team and be passionate about protecting, defending and responding to information security related events.
Why Bechtel SOC?
Use of bleeding edge tools, and analysis techniques
Opportunity to work with some of the best-in-the-industry Incident Response personnel
Great learning environment; continued learning is encouraged and supported
As an Incident Response Analyst you will assist the team responsible for situational security awareness by pulling together information from a variety of systems and normalizing and correlating the information. The team provides real-time (or near real-time) detection and reaction services for information security incidents within the Bechtel enterprise.
Must be a US Citizen.
Security Operations Center (SOC) personnel duties include but are not limited to:
Provide detection and response to security events and incidents within the Bechtel Enterprise Network
Thorough investigation of security alerts generated by our detection mechanisms (IDS, user reported, custom alerts, etc.)
Utilize industry standard network and host forensic tools in order to fully understand the scope of an incident
Work the full ticket lifecycle; handle every step of the alert, from detection to remediation
Handle user reported cases of potential phishing, and spear phishing campaigns
Research, and analyze wide variety of commodity and APT based malware and techniques
Search our existing infrastructure for signs of malware, and malicious events not detected by our existing security controls
Help develop, implement, and maintain SOC policies, processes and procedures
Incident Response Analysts will be working with enterprise forensic capable systems, log analysis systems, and network collection systems to facilitate response to incidents on a global scale. You will work with industry respected malware, network and Incident Response analysts to coordinate a best in class response to computer related incidents.Basic Qualifications:
For Level 1:
At least 3 months of experience with at least two of the following:
Network traffic tools, techniques and analysis
Host forensics tools, techniques and analysis
Malware reverse engineering tools, techniques and analysis
IDS & IPS technologies, both signature and behavior based
Windows event log analysis
Level 2:
At least one year of Scripting/Coding experience in Python, C, or JavaScript
At least one year of experience of Host Forensics, Malware Reverse Engineering, or Network Forensics
Bachelor’s degree in Information Security, Computer Science, Information Technology or a related degree
Required Skills:
Passion for all things Information Technology and Information Security
Natural curiosity and ability to learn new skills quickly
Strong analytical, documentation, and communication skills
Experience with trouble ticketing and change management tools
Must be able to computer
Preferred Skills:
SANS Certifications, ideally GCIH, GCFE, GREM, GCFA
Knowledge of Regular Expressions
Experience with SIEM (Security Information Event Management) tools such as ArcSight or Splunk
Listing Details
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: No Telecommute