ICS Incident Response Analyst

GrammaTech is a provider of software solutions and software research development and engineering services solving some of the worlds most complex security problems.

GrammaTech is looking for an Incident Response Analystto work onsite at customer locations.

Location: Arlington VA. Hybrid Role available to be on-site as needed.

Important: Candidates must be a US citizen with ability to obtain a TS SCI and must be willing to work onsite as required.

• Respond to cybersecurity incidents for ICS/OT/IT environments and provide recommendations to affected entities to prevent the reoccurrence of these incidents within a variety of critical infrastructure sectors.
• Apply traditional incident response and threat hunting tradecraft to industrial control system/critical infrastructure environments.
• Participate in highly technical operations and forensic analysis.
• Provide industry experience and expertise in sectors such as: Water Power and Transportation.
• Work in a team environment to meet the mission requirements for both incident response and threat hunting engagements.
• Maintain accurate records of incident response activities and findings.
• Prepare and deliver incident reports to management and stakeholders.
• Keep current with latest security trends and news to continually improve hunt and incident response operations.

Required

• Bachelors degree and 8 years related technical experience or Masters degree and minimum of 6 years experience or PhD and 3 years experience. 12 years of experience may be substituted in lieu of degree.
• 1-2 years of Threat Hunting or DFIR experience directly supporting Critical Infrastructure (CI) / Industrial Control System (ICS) environments.
• Python Bash PowerShell and/or JavaScript scripting experience.
• Experience examining malicious applications on operating systems such as Linux Mac Windows IOS Android and IOT network devices.
• Experience conducting security site assessments and scoping.
• Experience with a variety of the following tools: Ida-Pro Ollydbg X64dbg Scyllax64 Objdump Readelf Ghidra Process Explorer CFF Explorer Wireshark Fiddler Regshot Process Monitor and Process Hacker.
• Experience with the common open source and commercial tools used in security event analysis and other areas of security operations.
• Prior experience using a SIEM tool for pattern identification anomaly detection and trend analysis.
• Prior experience analyzing a variety of industrial control systems network protocols including but not limited to: ModBus ENIP/CIP BACnet DNP3.
• US citizenship with ability to obtain TS SCI.
• Able to obtain and maintain a favorably adjudicated DHS background investigation (EOD).

Preferred:

• Active Top Secret Security Clearance

The base salary range for this position is $161000 to $200000 per year. This range is based on the Companys good faith estimate at the time of posting. Actual salary will take into consideration various factors such as role level experience expertise and education.

We offer a generous benefits package that include medical dental vision short- and long term disability benefits life insurance and a 401(k) plan with company contribution. The total rewards package includes paid holiday and PTO and may include merit increases and incentive compensation plans.

About the Company

Innovation is at the heart of GrammaTech and we are constantly pushing the boundaries of software research and development - from software assurance and cybersecurity to software synthesis and maintenance. We develop new technologies and see the results of our research incorporated into tools used by engineers and security professionals worldwide.

GrammaTech was founded in 1988 with the firmly grounded purpose of helping todays organizations develop tomorrows software. With a focus on the evolving cybersecurity landscape software hardening and intelligent systems we tackle the most challenging software issues through a constant stream of highly innovative research and commercial development.

GrammaTech Inc. is an Equal Opportunity/Disability/Veterans employer