Operational Technology Cyber Security Analyst at SRP Tempe, AZ

Operational Technology Cyber Security Analyst job pe, AZ.

Requisition : 18887

The Cyber Security Analyst will work in SRP's Security Operations Center (SOC) which is responsible for detection, response, and remediation of cyber security events across the enterprise. The Analyst will respond to security events, participate in incident response activities, and support tools used by the SOC team. This role will focus on SRP's Operational Technology environments and ensuring adequate monitoring and security controls are deployed to support detection and response objectives.

Applicants should have excellent analytical, communication, and problem-solving skills.

• Identify, triage, and respond to cyber security events in SRP's operational technology (OT) environments
• Analyze data from multiple sources and tools to discover anomalous and adversarial behavior
• Maintain awareness of current threat landscape utilizing threat intelligence from government and industry partners, as well as information security community resources
• Develop alerts, reports, and dashboards within the SIEM to facilitate detection and triage
• Create playbooks and procedures to support detection and response scenarios
• Advise and support implementation of security controls and new defensive capabilities
• Provide technical and NERC/CIP compliance support for OT monitoring systems
• Develop thorough understanding of relationship between IT/OT environments, business value of OT systems, and potential attack vectors in OT environments
• Interface with OT technology/security support staff on other teams, foster relationships, and develop processes for monitoring and response
• Participate in department on-call rotation to respond to after-hours events

Ideal candidates should have 2+ years of experience in an Operation Technology focused role, Security Operations Center or cyber security incident response role, or 3 to 5 years of Information Technology and/or Info Sec experience.

The applicant should have a moderate to strong understanding of two or more of the areas listed below and have at least basic knowledge across most areas.

• SIEM technologies (Splunk experience a plus)
• Knowledge of common OT/ICS communication protocols, control systems, and architectures used in electric generation, transmission, and distribution environments
• Windows and Linux architectures, administration, and hardening
• Thorough understanding of the TCP/IP network stack, including common protocols and network topologies
• Network traffic analysis and packet capture tools (Wireshark, Bro/Zeek, etc)
• Internal Network Security Monitoring technologies for OT (Dragos, Ember
  
  OT, Nozomi, Claroty, etc or experience using Elastic Search)
• IDS/IPS technologies
• Enterprise antimalware/Endpoint Detection & Response (EDR) platforms
• Microsoft Azure/M365 architectures and security features
• Incident response and forensic analysis tools and procedures
• Vulnerability management and mitigation concepts
• Programming or scripting experience (Power Shell, Python, etc)

We are targeting an Associate to Journey level candidate:

• For a Level 1 (Associate), a minimum of no previous years of experience to two years related experience is required (if no degree, four-six years of relevant experience or equivalent combination of education and related experience totaling four-six years).
• For a Level 2 (Journey), a minimum of two years of experience to four years related experience is required (if no degree, six-eight years of relevant experience or equivalent combination of education and related experience totaling six-eight years).
• Computer Information Systems, Computer Science, Cyber Security or degree in a similar technical discipline is preferred.
• Industry security certifications are beneficial but not required. Examples of relevant certifications include CISSP, SANS/GIAC (GSEC, GICSP, GRID, GCIP, GMON, GCIA, GCFA, etc), Security+, CCNA/CCNP Security.

A bachelor’s degree related to the assignment from an accredited institution is preferred.

SRP currently offers a hybrid workplace, which allows employees whose jobs can be performed remotely, and who have sufficient technical capability, to telework up to three days per week. Although teleworking is available, all employees must live and work in Arizona.

To promote the safety and well-being of our employees, customers, and the communities we serve, SRP is committed to maintaining a drug/alcohol free work environment. Although marijuana may now be legal in Arizona, except as otherwise specified under Arizona law, SRP considers it to be an illegal drug for the purpose of our drug/alcohol policy because marijuana remains illegal at the federal level.

Any candidate found to be impaired during the hiring process or who has the presence of an illegal drug or unauthorized substance in their system during the pre-employment drug/alcohol test may be disqualified from further consideration in the hiring…