General Electric Senior Cyber Investigator in Wilmington, North Carolina
Job Description Summary
The Senior Cyber Investigator will be responsible for identifying, tracking, and analyzing digital security threats and leveraging response strategies as part of the operations leadership team across the network, endpoint, email, cloud, and identity areas, playing an integral role in defending against adversarial activity. The ideal candidate will work cross-functionally with analysts from different parts of the organization, and their analytic insights will be applied to make GE and its users more secure.
Roles and Responsibilities:
In this role, you will:
Specialize in network-centric analysis (NSM), host-centric analysis (live response, digital forensics), malware analysis, and log-centric analysis (SIEM)
Perform daily response operations on a schedule that may involve nontraditional working hours
Curate signatures, tune systems/tools, and develop scripts and correlation rules
Analyze host and network forensic artifacts and identify patterns and behaviors related to threat actors
Lead technical aspects of incident detection and response
Mentor and train incident responders and incident responder specialists
Build sustainable identification and investigative processes and workflows
Assist in the development and execution of the detection analytics capabilities within the insider threat program, including risk scoring models, thresholds, baselines, key indicators, and reporting
Execute risk-based analysis of insider events and report on potential threats & vulnerabilities
Possess proven knowledge of cyber adversary tactics, techniques, and procedures (TTPs)
Demonstrated ability to synthesize tactical information into strategic reporting
Perform daily response operations with a schedule that may involve occasional nontraditional working hours
Lead knowledge sharing initiatives with partner organizations in DFIR-focused spaces
Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math)
Minimum 5 years of related professional experience
Additional Eligibility Qualifications:
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable). This role is restricted to U.S. persons (i.e., U.S. citizens, permanent residents, and other protected individuals under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3)) due to access to export-controlled technology. GE will require proof of status prior to employment.
Working knowledge of various operating systems (Microsoft Windows, Linux, MacOS, Android, etc.)
Working knowledge of TCP/IP protocols, network analysis, packet capture, routing/switching, network segmentation, network/system/host-level operating principles, and security controls.
Working knowledge of various relational database technologies (Microsoft SQL, MySQL, Oracle, etc.)
Working knowledge of various security methodologies, processes, and technical security solutions (e.g. Firewalls, Intrusion Detection/Prevention systems, Access Control Lists, Network Segmentation, SIEMs, Auditing/Logging and Identity & Access Management solutions, etc.)
Detailed understanding of CND-based analytical models (Kill Chain, ATT&CK, Pyramid of Pain, etc.)
Understanding of APT, Cyber Crime and other associated tactics
Understanding of host forensics and network analysis techniques and tools
Understanding of malware and reverse engineering
Understanding of vulnerabilities, vulnerability management, remediation, scoring / prioritization, and implementation techniques.
Experience responding to cyber security incidents
Experience in scripting languages such as PowerShell, VBScript, Bash, Python, or Ruby
Experience using or supporting MacOS and Windows OS on end user workstations
Strong written, verbal, analytical and organizational skills, and the ability to speak confidently when dealing with internal constituents
General knowledge of cloud-based technologies and cloud security architecture basics.
Process oriented, capable of documenting guidelines, policies and procedures within work area
Ability to identify risk areas for potential data loss exposures
Experience in working with Agile methodologies
Working knowledge of data protection tools such as Digital Guardian, Symantec, Intel Security (McAfee), Websense, or Proofpoint
Working knowledge of database connectivity and data integration methods using Microsoft SQL, MySQL, HQL, KQL, and Splunk
Working knowledge of how authentication, authorization, and access management systems function.
Ability to clearly articulate technical concepts/issues to both technical and non-technical peers and management
Knowledge of recognized IT Security-related standards and technologies
Strong interpersonal, analytical, organizational, written and verbal communication skills
Demonstrated ability to communicate in a team-based setting
Experience with logging and analytics applications such as Digital Guardian, Symantec, Splunk, RSA Archer, Exabeam, Securonix, Hadoop, or SOF-ELK
Experience in data modeling
CISSP, OSCP or Network+, Security+, CEH or related SANS, or vendor specific (e.g. CISCO, Microsoft, RedHat, AWS, etc.) certifications are a plus
Understanding of responding to threats in cloud platforms (AWS, Azure, Google, etc.)
Excellent verbal and written communication skills
Excellent organizational and analytical skills
Detail oriented with the ability to multi-task and prioritize efforts
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer (https://assets.phenompeople.com/CareerConnectResources/GE11GLOBAL/en_global/desktop/assets/images/poster_screen_reader_optimized_w_supplement.pdf). Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Relocation Assistance Provided: No