Currently hiring an experienced Incident Response Analyst with OT/ICS/SCADA experience for its' Federal Strategic Cyber program in Arlington, VA. (Ideal candidate needs to be amenable to travel, approximately 40%) In this role, you will: + Respond to cybersecurity incidents for ICS/OT/IT environments and provide recommendations to affected entities to prevent the reoccurrence of these incidents within a variety of critical infrastructure sectors. + Apply specific functional knowledge to resolve cybersecurity incidents and perform proactive threat hunts. Develop or contribute to solutions to a variety of problems of moderate scope and complexity. + Be involved with highly technical operations and forensic analysis and serve as consultants, continuously advising client decision makers. + Provide industry experience and expertise for one or multiple critical infrastructure sectors/sub-sectors, including but not limited to Water, Power, Critical Manufacturing, and Transportation + Follow pre-defined procedures to respond to and escalate incidents. + Provide expertise to define procedures for response to customer cyber security incident in the industrial control system environment. + Apply traditional incident response and threat hunting tradecraft to industrial control system/critical infrastructure environments—with a deep understanding of the nuance and constraints of industrial environments. + Seamlessly work alongside a team of host, network, and cloud forensic analysts to meet the mission requirements for both incident response and threat hunting engagements. + Maintain accurate records of incident response activities and findings. + Prepare and deliver incident reports to management and stakeholders. + Need to be comfortable working in a team environment and collaborating to meet mission goals. + Keep current with latest security trends and news to continually improve hunt and incident response operations. + Be a Self-starter with strong attention to detail and critical thinking ability. + Have a strong customer-service orientation with excellent written and oral communication skills. + The ability to self-teach and self-test new tools and methodologies, and to problem-solve independently. Requirements Required Experience: + Bachelors degree and 5 years of relevant experince. (An additional 4 years will be considered in lieu of degree.) + 4 years of Threat Hunting or Digital Forensics & Incident Response (DFIR) experience. + 2 years of Threat Hunting or DFIR experience directly supporting Critical Infrastructure (CI) / Industrial Control System (ICS) environments. + Experience with security site assessments and scoping—including but not limited to the analysis of network security architecture, baseline ports, protocols, and services, and characterize network assets. + Scripting in Python, Bash, PowerShell, and/or JavaScript. + Experience using a SIEM tool for pattern identification, anomaly detection, and trend analysis. + Experience analyzing a variety of industrial control systems network protocols, including but not limited to: ModBus, ENIP/CIP, BACnet, DNP3, etc.. + Experience with the common open source and commercial tools used in security event analysis, incident response, computer forensics, malware analysis, or other areas of security operations. + Experience with collection and detection tools, including OSS/COTS host-based and network-based tools. + U.S. citizenship and an Active Top Secret Security Clearance required. + In addition, selected candidate must be able to obtain and maintain a favorably adjudicated DHS background investigation for continued employment. + Desired: + Certifications: GISCP and either GFCA or GNFA. + Experience on DoD Cyber Protection Teams, a plus. + Experience performing digital forensics and analysis on a variety of vendor/OEM equipment—including but not limited to laptop/desktops, PLC’s, HMI’s, Historians, and related SCADA systems. + Experience with SIEM (Splunk) —threat hunting, analytic development, dashboards, and reporting. + Familiarity with regulatory standards and frameworks relevant to critical infrastructure (e.g., NIST, IEC 62443). + Ability to automate simple/repeatable but critical tasks. Benefits + Healthcare, Vision, and Dental Insurance + 20 Days of Paid Time Off + 11 Observed Federal Holidays + Military Leave + 401K Matching + Training/Certification Reimbursement + Short term/Long term disability + Parental/Maternity Leave + Life Insurance STEMBoard is committed to hiring and retaining a diverse workforce. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age, or genetic information. Selected applicant will be subject to a background investigation. STEMBoard is an Equal Opportunity/Affirmative Action employer.