Expert Incident Response Analyst

Requisition ID # 79382 

Job Category : Information Technology 

Job Level : Individual Contributor

Business Unit: Information Technology

Job Location : Concord

Department Summary

The Cybersecurity function is led by PG&E’s Senior VP and Chief Information Officer and is responsible for cybersecurity and risk management across the organization.

The Security Intelligence and Operations Center (SIOC) is responsible for ensuring that PG&E proactively identifies and assesses threats to its user and operational network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.

Position Summary

This is a challenging and fast passed position in PG&E’s Security Intelligence and Operations Center (SIOC) which is responsible for detecting, analyzing and responding to any suspicious cyber security activity across PG&E's business and operational networks. The SIOC is a critical team within PG&E’s broader Information Security team.

Job Responsibilities

• Utilizes digital forensic tools including Guidance EnCase to execute digital investigations and perform incident response activities
• Conduct investigations of computer-based events and other security issues
• Establishes links between suspects and other violators by piecing together evidence uncovered from a variety of sources
• Establishes and maintains defensible evidentiary process for all investigations
• Uses & maximizes relevant investigative tools, software and hardware
• Experience with / daily use of EDR
• Familiarity with cloud service providers (AWS) and associated security tools desired
• Collection and examination of images of various platforms/devices (including Windows, Mac, mobile devices)
• Coordinates with IT to leverage skills and resources in support of investigations
• Advances the practice and science of information security investigation
• Perform hunting for malicious activity across the network and digital assets
• Respond to computer security incidents and conduct threat analysis
• Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network
• Perform detailed investigation and response activities for potential security incidents
• Provide accurate and priority driven analysis on cyber activity/threats
• Perform payload analysis of packets
• Perform dynamic analysis on suspected malware samples
• Recommends implementation of countermeasures or mitigating controls
• Ensures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment
• Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity
• Develop innovative monitoring and detection solutions using PG&E tools and other skillsets such as scripting
• Mentor junior staff in cybersecurity techniques and processes
• Resolve or coordinate the resolution of cyber security events
• Maintain incident logs with relevant activity
• Document investigation results, ensuring relevant details are passed to senior analysts and stakeholders
• Participate in root cause analysis or lessons learned sessions
• Write technical articles for knowledge sharing
• Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the Information Technology organization, as well as business units

Qualifications

Minimum:

• High school diploma or equivalent
• 6 years of related IT work experience to include information security working within incident response/forensics or equivalent functions within Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) experience

Desired:

• Bachelor’s degree in Cybersecurity, Intelligence, or a related field or equivalent work experience; or a combination of education, training, and relevant work experience.
• Formal IT Security/Network Certification such as WCNA, CompTIA Security , Cisco CCNA, SANS GCIH, GMON, or other relevant Cyber Security certifications
• Utility Industry experience
• SANS GIAC Certified Forensic Analyst (GCFA) or SANS GIAC Certified Forensic Examiner (GCFE) or SANS GIAC Reverse Engineering Malware (GREM) or related Degree
• Experience with scripting in Perl/Python/Ruby/PowerShell
• Experience with both desktop-based and server-based forensics
• Malware reverse engineering skills

Knowledge, Skills, and Abilities/Technical Competencies:

• Previous experience with a variety of cyber investigation tools
• Strong technical skills including malware analysis, memory forensics, live response techniques, registry analysis, scripting, and other relevant technical security skills such as memory forensics
• Experience investigating and mitigating APT style attacks
• Strong case management and forensic procedural skills- Intelligence driven defense utilizing the Cyber Kill Chain
• Deep knowledge of log, network, and system forensic investigation techniques
• Deep knowledge of diverse operating systems, networking protocols, and systems administration
• Deep knowledge of commercial forensic tools – working knowledge of Axiom preferred
• Deep knowledge of common indicators of compromise and of methods for detecting these incidents
• Deep knowledge of IT core infrastructure and cyber security components/devices
• Deep knowledge of TCP/IP Networking and knowledge of the OSI model
• Significant experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs
• Excellent problem solving, critical thinking, and analytical skills - ability to de-construct problems
• Strong customer service skills and decision-making skills
• Significant experience with packet analysis (Wireshark) and malware analysis preferred
• Working knowledge of PG&E infrastructure preferred
• IBM QRadar experience preferred