Expert OT Cyber Incident Responder - Concord, United States - PG&E Corporation

    PG&E Corporation
    PG&E Corporation Concord, United States

    4 weeks ago

    Default job background
    Description

    Requisition ID# 157239Job Category:
    Information Technology

    Job Level:
    Individual Contributor

    Business Unit:
    Information Technology

    Work Type:
    Hybrid

    Job Location:

    Concord Department OverviewThe Cybersecurity function is led by PG&E's Senior VP and Chief Information Officer and is responsible for cybersecurity and risk management across the organization.

    The Security Intelligence and Operations Center (SIOC) is responsible for ensuring that PG&E proactively identifies and assesses threats to its user and operational network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.

    Position SummaryThe Expert OT Cyber Incident Responder will be curious and knowledgeable regarding cyber security standards and technologies, specifically focused on infrastructure within an industrial control system (ICS) environment, able to work independently or with appropriate stakeholders as needed.

    You will provide the opportunity to focus on threat identification, proactive threat hunting, incident response, and cyber threat intelligence fusion.

    You will be part of a highly collaborative, dynamic, responsive, and agile team providing incident response and cyber defense services to IT & OT infrastructure.

    You will primarily be responsible for system-based defense to support forensic analysis of compromised devices, endpoint log analysis, development, delivery, and enforcement of response and remediation activities across the organization.

    You will also be responsible for development of advanced mitigations to ensure defensive resiliency. Daily activities will include collection and analysis of potentially compromised systems, malware analysis, root cause analysis, and remediation efforts.

    In this role, you will work multi-functionally in a diverse teaming environment with various internal points of contacts and handoffs.

    The role is hybrid and is expected to be in-person at least one day per week in the SIOC in Concord, CA.PG&E is providing the salary range that the company in good faith believes it might pay for this position at the time of thejob posting.

    This compensation range is specific to the locality of the job.

    The actual salary paid to an individual will bebased on multiple factors, including, but not limited to, specific skills, education, licenses or certifications, experience,market value, geographic location, and internal equity.

    Although we estimatethe successful candidate hiredinto this rolewill beplaced between the entry point and the middle of the range, the decisionwill be made on a case-by-casebasis related tothese factors.?This job is also eligible to participate inPG&E's discretionary incentive compensation programs.


    A reasonable salary range is:

    • Bay Area Minimum:
    $136,000

    Bay Area Maximum:
    $232,000Job ResponsibilitiesMaintain knowledge of adversary activities, including intrusion tactics, attack techniques and operational procedures.

    Investigate and respond to potential cybersecurity incidentsAnalysis of security event logs from a variety of sourcesForensic analysis of potential evidenceStatic and dynamic malware analysisNetwork packet capture analysisLead incident response efforts, coordinating resources as neededDocumentation of analysis, including summarization for executive reviewPerform proactive threat huntingWork cross-functionally to recommend, facilitate, and test security control improvementsCreate and refine security operations workflows for new and existing toolsProvide guidance to junior analystsShare on-call responsibility outside of business hours, onsite and remoteQualificationsMinimum:High School or GED-General Educational Development-GED Diploma6 years' experience in IT-Information Technology security, including working in Security Operations CentersDesired:Bachelor's Degree in Computer Science or job-related discipline or equivalent experiencePrevious experience supporting cyber defense analysis of Operational Technology (OT) Networks, including Integrated Controls Systems (ICS), SCADA, and Process Control Networks (PCN).

    Formal IT Security/Network Certification, such as WCNA, CompTIA Security +, Cisco CCNA, GIAC GCIH, GMON, GCFA, GCFE, GREM, GICSP, GRID, or other relevant certificationsUtility Industry experienceExperience with compliance standards:
    NERC-CIP, SOX, TSAPrevious experience working with various SIEM, EDR, and digital forensic technologiesExperience with scripting in Python, PowerShellMalware reverse engineering skills