Please contact email@example.com or call 973-348-9445
Job Title: Security ICS Analyst
Location: NYC, NY
Duration: 12 Months
No of Positions: 1
OT Incident Response Preparedness
This position will interface with various Client IT (Information Technology) and Agency operational technology (OT) departments to organize and conduct workshops with key managers, team members, stakeholders, and technical leaders within the organization to lay out a step-by-step process for the incident response plan as it relates to cyber security and ICS/SCADA OT systems. These workshops will review existing Client IT and OT incident response plans, technologies deployed and log sources in place to detect, analyze, and respond to various types of breaches.
The candidate will provide procedures and recommendations on necessary steps to keep these documents up to date:
1. Identify and document all critical assets in OT environment
2. Lay out dependencies of various systems and components in OT and IT environments.
3. Identify and document critical data sources for logging and monitoring various use cases.
4. Set up meetings with various IT and OT departments to identify and document interdependencies and key stakeholders.
5. Document a step-by-step incident response plan from the OT and IT perspectives.
6. Metrics for measuring response and restoration capability and capacity of OT systems
7. Assess backup and restoration capabilities for OT systems and provide recommendations for improvement
8. Assess patching and vulnerability remediation capabilities for OT systems and provide recommendations for improvement
9. Where applicable, determine scope and capabilities of vendors/third parties when not managed in-house.
10. Document IR plan roles, contacts and gaps of all third-party vendors supporting ICS/SCADA systems.
11. Proper containment, remediation and recovery procedures for OT technology (software and hardware) deployment.
OT Incident Response Plan and Playbook Development
The candidate will work to develop custom deliverables specific to the Client OT environment. The Client's existing IT IR Plan could be leveraged to develop a specific OT IR Plan, with Playbooks and proper OT containment, remediation and recovery procedures. Playbooks to be developed will include but are not limited to the following US-CERT Categories:
1. Playbook 1: CAT 1 – Unauthorized Access / Accounts compromised
2. Playbook 2: CAT 2 – DOS
3. Playbook 3: CAT 3 – Ransomware
4. Playbook 4: CAT 4 – Improper Usage (USB Infections, Policy Violations, Equipment Theft or Loss)
5. Playbook 5: CAT 5 – Scans / Probes / Attempted Access / CVE Exploits / SQL Injections / Protocol Abuse
As part of IR Plan and playbook development, the candidate will identify existing processes and controls associated with investigation and remediation of OT security incidents and adapt and customize the playbook(s) to be in line with technology, staffing and skillset level as well as industry best practices. The candidate will also develop the process for maintaining the incident playbook(s).
The following desired knowledge, skills, and abilities are required for this position.
Excellent organizational, decision making and communications skills.
Excellent knowledge of cyber security and ICS-SCADA operations with a solid understanding of the technology used within the transportation industry. Good to excellent attention to detail.
Excellent creative problem-solving abilities coupled with a desire to take on responsibility.
Strong team player and people skills with the ability to engage and motivate fellow staff members to drive results.
Ability to handle multiple tasks in a fast-paced environment and prioritize highly varied work in order to maintain required productivity levels.
Ability to communicate technical info and ideas so others will understand.
Ability to make appropriate decisions considering the relative costs and benefits of potential actions.
Ability to apply varying team player traits that create solutions and results to unexpected situations.
Ability to assist and motivate less experienced team members to achieve our goals.
1075 Easton Ave, Tower 1 Ste 4 Somerset, NJ, 08873