Expert Incident Response Analyst
Concord, CA, US, 94518
Full Time Senior-level / Expert USD 136K - 232K
Pacific Gas and Electric Company
Pacific Gas and Electric Company (PG&E) provides natural gas and electric service to residential and business customers in northern and central California.Requisition ID # 157239
Job Category: Information Technology
Job Level: Individual Contributor
Business Unit: Information Technology
Work Type: Hybrid
Job Location: Concord
Department Overview
The Cybersecurity function is led by PG&E’s Senior VP and Chief Information Officer and is responsible for cybersecurity and risk management across the organization.
The Security Intelligence and Operations Center (SIOC) is responsible for ensuring that PG&E proactively identifies and assesses threats to its user and operational network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.
Position Summary
The Expert Incident Response Analyst will be curious and knowledgeable regarding cyber security standards and technologies, specifically focused on infrastructure within an industrial control system (ICS) environment, able to work independently or with appropriate stakeholders as needed. You will provide the opportunity to focus on threat identification, proactive threat hunting, incident response, and cyber threat intelligence fusion. You will be part of a highly collaborative, dynamic, responsive, and agile team providing incident response and cyber defense services to IT & OT infrastructure.
You will primarily be responsible for system-based defense to support forensic analysis of compromised devices, endpoint log analysis, development, delivery, and enforcement of response and remediation activities across the organization. You will also be responsible for development of advanced mitigations to ensure defensive resiliency. Daily activities will include collection and analysis of potentially compromised systems, malware analysis, root cause analysis, and remediation efforts. In this role, you will work multi-functionally in a diverse teaming environment with various internal points of contacts and handoffs.
The role is hybrid and is expected to be in-person at least one day per week in the SIOC in Concord, CA.
PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of the job posting. This compensation range is specific to the locality of the job. The actual salary paid to an individual will be based on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience, market value, geographic location, and internal equity. Although we estimate the successful candidate hired into this role will be placed between the entry point and the middle of the range, the decision will be made on a case-by-case basis related to these factors. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.
A reasonable salary range is:
Bay Area Minimum: $136,000
Bay Area Maximum: $232,000
Job Responsibilities
- Maintain knowledge of adversary activities, including intrusion tactics, attack techniques and operational procedures.
- Investigate and respond to potential cybersecurity incidents
- Analysis of security event logs from a variety of sources
- Forensic analysis of potential evidence
- Static and dynamic malware analysis
- Network packet capture analysis
- Lead incident response efforts, coordinating resources as needed
- Documentation of analysis, including summarization for executive review
- Perform proactive threat hunting
- Work cross-functionally to recommend, facilitate, and test security control improvements
- Create and refine security operations workflows for new and existing tools
- Provide guidance to junior analysts
- Share on-call responsibility outside of business hours, onsite and remote
Qualifications
Minimum:
- High School or GED-General Educational Development-GED Diploma
- 6 years’ experience in IT-Information Technology security, including working in Security Operations Centers
Desired:
- Bachelor’s Degree in Computer Science or job-related discipline or equivalent experience
- Previous experience supporting cyber defense analysis of Operational Technology (OT) Networks, including Integrated Controls Systems (ICS), SCADA, and Process Control Networks (PCN).
- Formal IT Security/Network Certification, such as WCNA, CompTIA Security +, Cisco CCNA, GIAC GCIH, GMON, GCFA, GCFE, GREM, GICSP, GRID, or other relevant certifications
- Utility Industry experience
- Experience with compliance standards: NERC-CIP, SOX, TSA
- Previous experience working with various SIEM, EDR, and digital forensic technologies
- Experience with scripting in Python, PowerShell
- Malware reverse engineering skills
Tags: Agile Compliance CompTIA Computer Science Cyber defense EDR GCFA GCFE GCIH GIAC GICSP GREM ICS Incident response Industrial Log analysis Malware PowerShell Python Reverse engineering Risk management SCADA Scripting SIEM SOX Threat intelligence
Perks/benefits: Equity Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open DoD-related jobs