Threat Hunter/Cyber Data Analyst – Industrial Control Systems

CRI Advantage, Inc.
CRI Advantage, Inc.

Job Overview

CRI Advantage is looking for a Remote Cyber Data Analyst to work with a small internal team in a Cyber Security Operations Technology Environment analyzing data, securing critical systems, and using SIEM tools in an effort for overall data integrity and oversight. Skillsets include Splunk, Docker, Ansible, SIEM, Gravwell, Linux, MITRE ICS (Industrial Control Systems), ELK and VM. The client is federal government involving national security, candidates must be s. Clearances from DOE and DoD, DHS maintained for the work. The work is remote. Below are some of the responsibilities Searching and assisting in standing up Gravwell Creating Gravwell Dashboards and efficient searches for specific data with Operation Technologies data Assisting in architecture of a Splunk instance Automation of Ubuntu 18.04 administration using Ansible Automation of UNX servers using Ansible Creating multiple Ansible automation playbooks in order to create individual user profile pertaining to the Security Policy Assisting in building a Docker container for the CATT gateway in the DOE Cloud Setting up multiple sandbox VMs for testing new tools Ingesting 7TB worth of OT data within a Splunk instance Configuring and standing up of Splunk UFs Configuring and standing up standalone Splunk Indexers Configuring and standing up Splunk Searchhead and Splunk Deployment Server Importing premade Splunk application into the new Splunk instance Writing OT Data Analysis Technical Report Hunting TTPs within the ICS Environment Assisting in presentation of the Data Analysis of Utility data Providing background and research on the difference between the ICS and Enterprise MITRE matrices Providing maintenance and troubleshooting issues within the environment Providing research of Software and Threat groups that have been identified on the MITRE ICS matrix Assisting weaker team members during Analysis to help them ask a good question to the data and provided input to better their reports. Training team members in how to work around the environment along with briefing them in the current implemented Security tools Assisting in helping form the Security Policy within the environment Participating in Splunk conferences Participating in the DHS BIRTHIRT training Assisting in providing input on how to better optimize our current plan of analyzing OT data and ingestion within our SIEM solutions Requirements Candidates should possess a majority of the following or possess similar skill sets to those listed SIEM, Splunk, VM, MITRE, Industrial Control Systems (ICS), and ELK. , preference provide for those with active clearances.

View More
Job Detail
Shortlist Never pay anyone for job application test or interview.