Incident Response Analyst

Responsibilities, authorities and accountabilities

In this role, you will:

• Lead technical aspects of digital security incident detection and response, focusing on very unstructured incidents and high-risk events.
• Specialize in network-centric analysis (NSM), host-centric analysis (live response, digital forensics), malware analysis, and/or log-centric analysis (SIEM)
• Perform daily response operations with a schedule that may involve nontraditional working hours - act as escalation points for Event Triage Analysts
• Mentor and train Event Analysts as required.
• The best candidates for the role work well with other people and have strong verbal and written communication skills, a sense of diplomacy, and decision making skills to handle the often fast-paced role of an incident handler

Required Qualifications

• Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math). A minimum 4 years of professional experience in STEM related degree, Political Science/Government/International Affairs.

Desired Characteristics

Technical Expertise:

• The best candidates for the role work well with other people and have strong verbal and written communication skills, a sense of diplomacy, and decision making skills to handle the often fast-paced role of an incident handler
• Strong verbal and written communication skills
• Detailed understanding of APT, Cyber Crime and other associated tactics
• Strong track record of understanding and interest in recognized IT and OT security-related standards and technologies, demonstrated through training, job experience and/or industry
• Knowledge of and/or working on Baker Hughes OT products
• Professional experience with Cyber Security, Operations Security, Product Security, Industrial Control Systems (ICS), Information Assurance, and Information Technology
• Experience with host based detection and prevention suites (Microsoft Defender, OSSEC, Yara, MIR, CarbonBlack, Tanium, etc.)
• Experience with host-centric tools for forensic collection and analysis (Microsoft Defender, SleuthKit, Volatility Framework, FTK, Encase, etc.)
• Experience with Network Forensics and/or Network Security Monitoring (NSM) tools (Snort, Bro-IDS, PCAP, tcpdump, etc.) and analysis techniques (alert, flow/session and PCAP analysis)
• Experience with malware and reverse engineering (Dynamic and static analysis)
• Strong IT infrastructure background including familiarity with the following:
• Networking (TCP/IP, UDP, Routing)
• Applications (HTTP, SMTP, DNS, FTP, SSH, etc.)
• Encryption (DES, AES, RSA) and hashing algorithms (MD5, SHA-1, etc.)
• System/Application vulnerabilities and exploitation
• Operating systems (Windows, *Nix, and Mac)
• Cloud technology (SaaS, IaaS, PaaS) and associated digital forensics and incident response techniques
• CISSP, CISM or related SANs certifications preferred
• Active US government security clearance
• Working knowledge of secure communication methods, including Secure Shell, S/MIME and PGP/GPG