Job Information
Deloitte Security Operations Center Cyber Analyst (Active Secret Clearance, Pt. Hueneme, CA) in Los Angeles, California
The Cyber Analyst team member is responsible for the analysis of all technology devices within the enterprise, including Operational Technology (OT) and Industrial Control Systems (ICS). This includes analysis of device communication, forensic analysis of Windows or Linux systems and servers, timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis, and malware identification/triage. As a journeyman, the role may also encompass the development and engineering of legacy, current, or emerging solutions. An ideal candidate for this position will be a proactive worker who has experience not only with system or network administration, but also with the nuances of OT, ICS and Building Automation Services (BAS). Proficiency in Windows and Linux operating system (OS) mechanics and filesystem structures, disk and memory forensics, and commonly abused tools/vectors for persistence, privilege escalation, and lateral movement is crucial. In the context of OT and ICS, the candidate must understand operating system log analysis and triage suspicious file artifacts for unusual behavior, with a good understanding of how control systems manage and operate infrastructure supporting functions like water, power, energy, manufacturing, and other critical services. This role requires familiarity with what routine OS activities and common software/user behavior look like in the context of forensic artifacts or timelines, particularly in OT and ICS environments. Analysts should also be familiar with common categories and formats of host-based indicators of compromise (IOCs) and how/where they can be leveraged to identify known-bad files/activity on an endpoint. This includes understanding the specific challenges and threats associated with OT and ICS systems. The candidate will utilize the Cyber Kill Chain to synthesize the entire attack life cycle, including potential impacts on OT and ICS systems.
They should be capable of creating detailed reports on how impacts may occur or have occurred, especially in relation to OT and ICS, as well as proposing preventive measures for these specific
Work you'll do
The selected candidate will have several day-to-day responsibilities drawn from a wide array of activities, and experience working in the following areas:
Validating and verifying system security requirements and establishing system security designs for systems, major system elements, and interfacing systems that are part of a network environment with geographically distributed components.
Identifying and implementing appropriate information security architectures and functionality to ensure uniform application of security policy and enterprise solutions.
Recommending and developing technical solutions, products, and standards based on current and desired system security architecture.
Communicating with Program Managers and POCs from customer organizations when necessary, regarding Security issues of significant importance.
Analyzing and assessing system implementation against multiple security compliance policies, and recommending and implementing enhancements.
Administration of multiple systems of different architectures (Windows, Linux, Mac, etc.).
Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other Information Assurance (IA) program support functions.
Qualifications
Required:
Must have an active Secret Clearance to be considered
Bachelor's Degree in IT/Cybersecurity related field
At least 3 years (junior level: 1 to 2 years) of applicable experience in security operations or industrial control automation/management, demonstrating analytical duties and performing host or network security analysis
Support the SOC team in operating and performing duties in a Security Operations Center (SOC) to provide a secure environment that facilitates incident response and threat hunting activities.
Build and create a test bed of Operational Technology (OT) Industrial Control Systems (ICS)
Engineer future solutions, network enhancements, and system infrastructures
Manage the SIEM platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devices
Evaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusions
Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited, and methods used, and develop processes to enhance SOC response and efficiency
Conduct comprehensive technical analyses of computer evidence, research and integrate new security tools into the SOC, and synthesize findings into reports for both technical and non-technical audiences
Preferred:
Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS) is a plus
Strong analytical and troubleshooting skills
Able to provide expert content development in Splunk Enterprise Security using tstats and data models
Understands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring on various security appliances
Experience with other tools and communication protocols as applicable, such as Nessus, Endgame, CrowdStrike, GreyNoise, Shodan, BACnet, Modbus, SCADA systems, and PCAP
Review logs to determine whether the relevant data is present and accelerated against data models, so that it can be used with existing use cases
Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or relevant IT technology certification
Examples of other certifications include:
CERT Certified Computer Security Incident Handler
ECC CEH (Electronic Commerce Council Certified Ethical Hacker)
GCIH (GIAC Certified Incident Handler)
GISF (GIAC Information Security Fundamentals)
CISSP (Certified Information System Security Professional)
Additional certifications of an equivalent level may also be considered.
The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $97,875 to $163,125.
You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.
Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.