OT/ICS Incident Response Analyst - Travel-Ready

Cyber Incident Response Analyst with OT/ICS/SCADA / travel & active TS job at Peraton. Arlington, VA. Program Overview About The Role Peraton is currently seeking an experienced Incident Response Analyst with OT/ICS/SCADA experience for its Federal Strategic Cyber program in Arlington, VA. Location: On-site role in Arlington, VA. Ideal candidates need to be amenable to travel - approximately 40%. In this role, you will: Respond to cybersecurity incidents for ICS/OT/IT environments and provide recommendations to affected entities to prevent the reoccurrence of these incidents within a variety of critical infrastructure sectors. Apply specific functional knowledge to resolve cybersecurity incidents and perform proactive threat hunts. Develop or contribute to solutions to a variety of problems of moderate scope and complexity. Be involved with highly technical operations and forensic analysis and serve as consultants, continuously advising client decision makers. Provide industry experience and expertise for one or multiple critical infrastructure sectors/sub-sectors, including but not limited to Water, Power, Critical Manufacturing, and Transportation Follow pre-defined procedures to respond to and escalate incidents. Provide expertise to define procedures for response to customer cyber security incidents in the industrial control system environment. Apply traditional incident response and threat hunting tradecraft to industrial control system/critical infrastructure environments—with a deep understanding of the nuance and constraints of industrial environments. Seamlessly work alongside a team of host, network, and cloud forensic analysts to meet the mission requirements for both incident response and threat hunting engagements. Maintain accurate records of incident response activities and findings. Prepare and deliver incident reports to management and stakeholders. Need to be comfortable working in a team environment and collaborating to meet mission goals. Keep current with latest security trends and news to continually improve hunt and incident response operations. Be a Self-starter with strong attention to detail and critical thinking ability. Have a strong customer service orientation with excellent written and oral communication skills. The ability to self-teach and self-test new tools and methodologies, and to problem-solve independently. There is an onsite requirement for minimum one day (1) week, with up to 3 days depending on situational requirements. Estimated 40% travel. If you are passionate about safeguarding critical infrastructure and have the expertise to respond to cyber incidents in ICS and SCADA environments, we encourage you to apply for this challenging and rewarding position.

#CISA

Qualifications Required: LU Bachelor’s degree and 5 years of relevant experience. Master’s degree and 3 years’ experience. PhD and 1 years’ experience. A minimum of 9 years will be considered in lieu of degree. 1-2 years of Threat Hunting or DFIR experience directly supporting Critical Infrastructure (CI) / Industrial Control System (ICS) environments. Experience with security site assessments and scoping - including but not limited to the analysis of network security architecture, baseline ports, protocols, and services, and characterize network assets. Experience using a SIEM tool for pattern identification, anomaly detection, and trend analysis. Experience analyzing a variety of industrial control systems network protocols, including but not limited to: ModBus, ENIP/CIP, BACnet, DNP3, etc.. Experience with the common open source and commercial tools used in security event analysis, incident response, computer forensics, malware analysis, or other areas of security operations. Experience with collection and detection tools, including OSS/COTS host-based and network-based tools. U.S. citizenship required. An Active Top Secret Security Clearance required. Must be able to obtain a TS/SCI for continued employment. Must be able to obtain and maintain a favorably adjudicated DHS background investigation for continued employment. Desired: Certifications: GISCP, GCFA, GNFA, GRID, and any OT Sensor certifications 2 years of Threat Hunting or Digital Forensics & Incident Response (DFIR) experience preferred. Experience on DoD Cyber Protection Teams, a plus. Experience performing digital forensics and analysis on a variety of vendor/OEM equipment—including but not limited to laptop/desktops, PLC’s, HMI’s, Historians, and related SCADA systems. Experience with SIEM (Splunk) —threat hunting, analytic development, dashboards, and reporting. Familiarity with regulatory standards and frameworks relevant to critical infrastructure (e.g., NIST, IEC 62443). Ability to automate simple/repeatable but critical tasks. Scripting in Python, Bash, PowerShell, and/or JavaScript. SCA / Union / Intern Rate or Range Details Target Salary Range: $86,000 - $138,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at Application Duration Statement: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law. #J-18808-Ljbffr Peraton