Advanced Cyber Sec Archt/Engr

5-7 Years
  • Posted 22 hours ago

Job Description

This position will be part of the Industrial Cyber-Security team and will participate in delivering and developing cyber security services for a wide range of global industrial customers. The position reports directly to the Global Security Operation Center Manager and Incident Response Lead and works as part of a global managed services team. The position requires very good cyber security knowledge, excellent analytical skills and proficient handling of specific tools such as SIEMs and Security Orchestration, Automation and Response (SOAR) platforms. A successful candidate will be able to evaluate security incidents, determine true positives within an environment, and provide context enrichment before escalating to the Level 3 Cyber Security Incident Response team as needed.

Responsibilities

  • Monitors SIEM, trouble tickets / email notifications and in-person escalations, logs from ICS infrastructure components (SCADA, HMI, PLC, RTU, Control Servers), applications or network devices such as switches, firewalls, IDS/IPS;
  • Designs, implements and tests Security Orchestration, Automation and Response processes and procedures;
  • Develops SOAR playbooks and troubleshoots automation capabilities;
  • Examines escalated tickets to determine whether they are true positives or false positives;
  • Performs malware analysis, threat hunting and threat modeling activities;
  • Assists forensic investigations by providing reports and other information;
  • Reviews and suggests improvements to control deployment process and installation procedures;
  • Develops and documents remediation recommendations for business owners to improve the control environment in which a security incident occurs. Recommendations must be easily understood by non-technical staff;
  • Provides recommendations and direction on the tuning of signatures, rules, alerts, parsers, and custom scripts within the monitoring solutions;
  • Participates in root cause analysis and helps with the orchestration of remediation;
  • Understands defense-in-depth strategies and applies them to the Client's environment;
  • Creates and disseminates security related notifications for internal staff (for example: trends, developments, changes in capabilities);
  • Acts as L2 Escalation layer in the SOC;
  • Mentors Level 1 SOC Analysts;
  • Creates manuals, guides and knowledge base entries;
  • Keeps abreast of the latest security and privacy legislation, emerging threats, regulations, advisories, alerts, and vulnerabilities pertaining to HCE OT IR SOC and its customers;
  • Remains knowledgeable of our current solution portfolio and the technical specificities of our offerings.

Qualifications

  • Bachelor's degree in a computer-related field such as Computer Science, Computer Information Systems or Electronics;
  • Minimum of 3 years' experience in the cyber security SOC industry;
  • Minimum of 5 years' experience in Information Technology;
  • Strong diagnostic and analytical skills including problem solving, troubleshooting, management of priorities and self-direction to resolve complex issues;
  • Effective written and verbal communication skills;
  • Information Technology certifications: ITIL Foundations;
  • Security Certifications: CCNA, CompTIA Security+, GCIH, or other similar certifications;
  • Experience automating tasks and integrating systems with Python;
  • Experience with Splunk or Chronicle SIEM platforms and logging solutions.

Other Nice to Have Skills & Certifications

  • GCFA or CEH or other similar certifications;
  • Understanding of advanced SOAR methodology;
  • Understanding of ICS communication protocols such as Modbus, Profibus, DNP3, S7comm and others.

About Us

Honeywell helps organizations solve the world's most complex challenges in automation, the future of aviation and energy transition. As a trusted partner, we provide actionable solutions and innovation through our Aerospace Technologies, Building Automation, Energy and Sustainability Solutions, and Industrial Automation business segments – powered by our Honeywell Forge software – that help make the world smarter, safer and more sustainable.

Job ID: 148677475
