Current jobs related to Journeyman Cybersecurity Analyst - Oxnard - Clark Creative Solutions
Cybersecurity Analyst
2 weeks ago
Oxnard, California, United States
Clark Creative Solutions
Full time
Job Description
We are seeking a skilled Cybersecurity Analyst to support our Security Operations Center (SOC) team. The ideal candidate will be responsible for monitoring security events, responding to incidents, and ensuring the safety and security of our organization. The Cybersecurity Analyst will be responsible for analyzing network traffic and system...
Journeyman Cybersecurity Analyst
3 months ago
We are seeking a Building Automations Analyst (Journeyman)
Clearance: Secret
Location: Pt. Hueneme, Ventura County
Schedule: Onsite in Pt. Hueneme, with flexibility based on mission support requirements
LCAT Level: Journeyman IT Analyst
Position Description
The Defensive Cyber team is responsible for the analysis of all technology devices within the enterprise, which may include Operational Technology (OT) and Industrial Control Systems (ICS). This includes analysis of device communication, investigation of systems and servers, timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis, configuration implementation, and malware identification/triage.
An ideal candidate for this position will be a proactive self-starter who possesses a high school diploma or GED and has at least five years of experience in installing, troubleshooting, or commissioning building automation controllers or mechanical systems. They should have exposure to control software development or maintenance and be proficient in reading and interpreting control diagrams as well as mechanical and electrical drawings. Excellent verbal and written communication skills are essential. The role requires a willingness to travel and a desire to learn new Information Technology (IT) skills that are not typical in a traditional building automation role and may include cyber security standards, cyber defense tools, cyber analytics and analysis.
Responsibilities for this position include:
- Provide engineering support: investigating building automation systems and communications, configuring and programming controllers, acting as a technical resource, providing training on energy management solutions and products, conducting system surveys, preparing technical documentation, troubleshooting issues related to control software, and diagnosing controls, electrical, and mechanical systems with a focus on cyber security.
- Support SOC team in operating and performing duties in a Security Operations Center (SOC) to provide a secure environment that facilitates incident response and threat hunting activities.
- Manage data from the security information and event management (SIEM) platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devices
- Provide subject matter expertise in the installation, commissioning, and troubleshooting of building automation systems; contribute to technical training and documentation with the cyber team; and deliver tier 2 technical support for internal and external users of the platform
- Evaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusions
- Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited, and methods used, and develop processes to enhance SOC response and efficiency
- Conduct comprehensive technical analyses of computer evidence, research and integrate security tools into the SOC, and synthesize findings into reports for both technical and non-technical audiences
Qualifications
- At least 3-5 years of experience (Journeyman) in building automation services and tools, with demonstrated ability to troubleshoot complex configurations and perform system analysis
- Proficiency and experience with installing, troubleshooting, or commissioning building automation controllers or mechanical systems
- Applied knowledge of network topologies and protocols (e.g., TCP/IP, ICMP, HTTP/S, DNS, SSH, SMTP, SMB), and an understanding of, or willingness to learn, tools like Palo Alto, Elastic SIEM, Cribl, Splunk, VMware, Security Center, and log collectors
- Exposure to control software development or control software maintenance
- Capable of troubleshooting issues, including identifying bugs in control software and diagnosing controls, electrical, and mechanical systems
Desired Skill sets
- Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS)
- Strong analytical and troubleshooting skills
- Able to provide expert content development in Splunk Enterprise Security using tstats and data models
- Understands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring on various security appliances
- Experience in other tools and communication languages as applicable, such as BACnet, Modbus, SCADA systems, PPCL and PCAP
- Review logs to determine if relevant data is present to accelerate against data models to work with existing use cases
- Knowledge of engineering fundamentals, HVAC, mechanical, and electrical systems
Certifications in an equivalent and relevant topic may be considered.