Overview & Responsibilities

OVERVIEW

This role is responsible for leading the overall development and implementation of General Mills' cyber security detection and response procedures and technologies for plant floor systems and ensuring the Cyber Security Incident Response Team (CSIRT) is prepared to perform investigations safely, efficiently and effectively on plant floor systems. As part of the Detection and Response team, this role develops plant-floor focused detective controls, executes threat hunts, and handles incidents escalated from CSIRT.

RESPONSIBILITIES
- Develop & document process and procedures for responding to plant floor cybersecurity incidents and train others on the process
- Create detection rules using existing technology to detect cybersecurity incidents in the plant floor environment
- Develop methodology for threat hunting in the plant floor environment
- Partner across Cyber Security & Controls Engineering to implement changes and tools to improve our ability to detect incidents
- Handle escalations of cybersecurity incidents in the plant floor environment
- Work with others in the detection and response team to improve our ability to detect and respond to cybersecurity incidents
- Build and test detective controls
- Participate in monthly threat hunts
- Assist with support tools for detection and response
- On-call, once a month, for escalations from CSIRT
- Maintain existing and develop new contacts within the candidate's professional network of cyber security peers and leading security consultants/vendors.
- Continuously develop knowledge of evolving best practices through peer benchmarking, industry events/associations, and educational opportunities.
- Leverage partnerships and relationships to benchmark existing and proposed cyber security solutions.
- Associate's Degree
- 5 years in a related field (e.g. ICS, Cybersecurity, IT)
- Background in incident response processes and tools to detect, analyze, respond and contain cyber security threats quickly and correctly.
- Familiarity with Unix and Windows operating systems and administrative tools
- Knowledge in tools and techniques used by attackers to gain unauthorized access to systems.
- Prior experience with information security and associated technologies, including boundary protection (e.g. firewalls, proxies, IDS/IPS), endpoint protection, remote access, and security information and event management.
- Demonstrated success working closely with leaders, including influencing without direct authority.
- Demonstrated ability to get things done both independently and in a collaborative, team-oriented environment.
- Able to independently drive structure out of ambiguity, connect dots across disparate insights, and structure synthesized output.
- Bachelor's Degree
- Hands-on experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Human Machine Interfaces (HMIs) and industrial networking devices
- Well-versed in various control frameworks, including: IEC62443, NERC CIP, NIST
- Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, Ethernet/IP, CIP, Modbus, OPC, OPC UA, PROFINET, etc.)
- Experience in forensic techniques used to analyze threats (including malware), to extract key indicators of attack and compromise.
- Experience with automating and scripting processes.