It Security Analyst (Ics/Scada)

Details:

• Will need to travel to Travis Airforce base once a month to maintain compliance
• Understanding compliance requirements specifically NIST framework
• Replace an existing employee who is retiring in September. This person can start asap
• Understanding AD, how to go about doing monthly patching. They have an external firm who does the patching so good if they have the understanding.
• Need this person to be well versed in OT environment (What is operational technology (OT)? | Tenable®)
• Security clearance is nice to have
• Be able to work with people from various backgrounds
• Carbon black, they use for vulnerability scanning.
• Doesn’t have to be a Sr. open to mid level as well.

Summary

• This position is located in San Jose, California, and will require some travel.
• The SeniorIT Security Analyst plays a pivotal role in securing and protecting the Company’s Industrial Control Systems (ICS) and corporate network that are responsible for providing drinking water to approximately two million customers. This position is part of the I.T. Security and Compliance team and will work closely with the Network Architecture and Engineering teams to ensure the proper detective, incident response, and recovery controls are in place to protect the Company’s infrastructures. In addition, the position will act as the project manager and/or technical lead on initiatives related tosoftware/hardware implementation, security audit, training, and policy/procedure definition for the OT environment.

Essential Job Functions:

• Define logging aggregation, alerting, patching, backup, and restoration capabilities for Industrial Control Systems (ICS) network.
• Research emerging ICS technologies and SCADA protocols.
• Analyze 0 days and new security threats to SCADA and ICS.
• Define requirements, implement and maintain National Institute of Standards and Technology (NIST) compliance for Industrial Control Systems.
• Participate in the security incident response team through all remediation and recovery phases.
• Own the Defense Acquisition Regulation Supplement (DFARS) compliance efforts to support DoD entities
• Performs threat hunting, triaging, and reporting information security events.
• Participate in the annual tabletop exercise.
• Implement and manage Carbon Black Protect (CbP) and vulnerability management programs in the OT environment.
• Performs other similar duties as assigned
• Performs information security policy review for third-party/vendor relationships as it relates to the OT environment and monitors the service level agreements per agreed-upon terms.
• Provide system to project-level technical and administrative oversight for the system design, engineering, prototyping, and installation for systems in the SCADA environment.
• Capture network traces from exploits for testing IPS and IDS security effectiveness.

Minimum Qualifications:

• Strong understanding of enterprise, network, system, and application-level security principles
• Ability to project manage and can successfully complete projects from inception to closure
• Bachelor’s degree in Computer Science or equivalent relevant experience
• Global Industrial Cyber Security Professional (GICSP) or Certified SCADA Security Architect (CSSA) certification is highly desirable
• Working knowledge of NIST, ISO 27002, and/or other security frameworks
• Solid written and verbal communication skills
• Excellent troubleshooting skill
• Valid California Driver’s License
• At least 5 years of work experience with Industrial Control Systems in relation to utility practices for operational technologies and service delivery.