Security Operations Center Cyber Analyst (Active Secret Clearance, Pt. Hueneme, CA)

Technology and Innovation | Technology Innovation

Los Angeles, California, United States

Back to search results
Back to search results

Position Summary

The Cyber Analyst team member is responsible for the analysis of all technology devices which will include Operational Technology (OT) and Industrial Control Systems (ICS) with-in enterprise. This includes analytical analysis of device communication, forensic analysis of Windows or Linux systems and servers, timeline analysis of activity on these endpoints, user permission and authentication audits, log analysis, and malware identification/triage. As journeyman the role may also encompasses the development and engineering of legacy, current, or emerging solutions.
An ideal candidate for this position will be a proactive worker who has experience not only with system or network administration, but also with the nuances of OT, ICS and Building Automation Services (BAS). Proficiency in Windows and Linux operating systems (OS) mechanics and filesystem structures, disk and memory forensics, and commonly abused tools/vectors for persistence, privilege escalation, and lateral movement are crucial. In the context of OT and ICS, understanding operating system log analysis and triaging suspicious file artifacts for unusual behavior with a good understanding on how controls systems manage and operate infrastructure supporting functions like water, power, energy, manufacturing, and other critical services.
This role requires a familiarity with what routine OS activities and common software/user behavior look like in the context of forensic artifacts or timelines, particularly in OT and ICS environments. Analysts should also be familiar with common categories and formats of host-based indicators of compromise (IOCs) and how/where they can be leveraged to identify known-bad files/activity on an endpoint. This includes understanding the specific challenges and threats associated with OT and ICS systems.
The candidate will utilize the Cyber Kill Chain to synthesize the entire attack life cycle, including potential impacts on OT and ICS systems. They should be capable of creating detailed reports on how impacts may or have occurred, especially in relation to OT and ICS, as well as proposing preventive measures for these specific

Work you’ll do 

  • The selected candidate will have several responsibilities from day to day drawn from a wide array of activities and experience working in the following areas:
    • Validating and verifying system security requirements and establishing system security designs for systems, major system elements, and interfacing systems that are part of a network environment with geographically distributed components.
    • Identifying and implementing appropriate information security architectures and functionality to ensure uniform application of security policy and enterprise solutions.
    • Recommending and developing technical solutions, products, and standards based on current and desired system security architecture.
    • Communicating with Program Managers and POCs from customer organizations when necessary, regarding Security issues of significant importance.
    • Analyzing and assessing system implementation against multiple security compliance policies and recommending and implementing enhancements
    • Administration of multiple systems of different architectures (Windows, Linux, Mac, etc)
    • Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other Information Assurance (IA) program support functions.

Qualifications

Required:

  • Must have an active Secret Clearance to be considered
  • Bachelor’s Degree in IT/Cybersecurity related field
  • At least 3 years, (Junior level) applicable 1 to 2 years of experience in security operations or industrial control automation/management and demonstrating analytical duties and preforming host or network security analysis
  • Support SOC team in operating and preforming duties in a Security Operations Center (SOC) to provide a secure environment that facilitates incident response and threat hunting activities.
  • Build and create a test bed of Operational Technology (OT) Industrial Control Systems (ICS)
  • Engineer future solutions, network enhancements, and system infrastructures
  • Manage the SIEM platform to monitor for security alerts and coordinate vulnerability assessments and artifact collection across servers and network devices
  • Evaluate network structures and device configurations for security risks, offering recommendations based on best practices, and gather data to identify and respond to network intrusions
  • Analyze network traffic and system logs to identify malicious activities, vulnerabilities exploited, and methods used, and develop processes to enhance SOC response and efficiency
  • Conduct comprehensive technical analyses of computer evidence, research and integrate new security tools into the SOC, and synthesize findings into reports for both technical and non-technical audiences
Preferred: 
  • Knowledge of Operational Technology (OT) or Industrial Control Systems (ICS) are a plus
  • Strong analytical and troubleshooting skills
  • Able to provide expert content development in Splunk Enterprise Security using tstats and data models
  • Understands how to utilize knowledge of latest threats and attack vectors to develop correlation rules for continuous monitoring on various security appliances
  • Experience in other tools and communication languages as applicable such as Nessus, Endgame, CrowdStrike, Gray Noise, Shodan, Bacnet, MODBus, SCADA systems, and PCAP
  • Review logs to determine if relevant data is present to accelerate against data models to work with existing use cases
  • Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), or relevant IT technology certification
  • Examples of other certifications include:
    • CERT Certified Computer Security Incident Handler,
    • ECC CEH (Electronic Commerce Council Certified Ethical Hacker)
    • GCIH (GIAC Certified Incident Handler)
    • GISF (GIAC Information Security Fundamentals)
    • CISSP (Certified Information System Security Professional)
    • Additional certifications at an equivalent may also be considered.

The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $97,875 to $163,125.

You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

Information for applicants with a need for accommodation: https://www2.deloitte.com/us/en/pages/careers/articles/join-deloitte-assistance-for-disabled-applicants.html
Recruiting tips

From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.
Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our people and culture

Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture.
Our purpose

Deloitte’s purpose is to make an impact that matters for our clients, our people, and in our communities. We are creating trust and confidence in a more equitable society. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. We are focusing our collective efforts to advance sustainability, equity, and trust that come to life through our core commitments. Learn more about Deloitte's purpose, commitments, and impact.
Professional development

From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

As used in this posting, "Deloitte" means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance. See notices of various ban-the-box laws where available.

Requisition code: 205205

SCAM ALERT

Caution against fraudulent job offers!

We have been informed of instances where jobseekers are led to believe of fictitious job opportunities with Deloitte US (“Deloitte”). In one or more such cases, false promises of actual or potential selection, or initiation or completion of the recruitment formalities appear to have been or are being made. Some jobseekers appear to have been asked to pay money to specified bank accounts of individuals or entities as a condition of their selection for a ‘job’ with Deloitte. These individuals or entities are in no way connected with Deloitte and do not represent or otherwise act on behalf of Deloitte.

We would like to clarify that:

  • At Deloitte, ethics and integrity are fundamental and not negotiable.
  • We are against corruption and neither offer bribes nor accept them, nor induce or permit any other party to make or receive bribes on our behalf.
  • We have not authorized any party or person to collect any money from jobseekers in any form whatsoever for promises of getting jobs in Deloitte.
  • We consider candidates on merit and that we provide an equal opportunity to eligible applicants.
  • No one other than designated Deloitte personnel (e.g., a Deloitte recruiter or Deloitte hiring partner) is permitted to extend any job offer from Deloitte.

Anyone who at any time has made or makes any payment to any party in exchange for promises of job or selection for a job with Deloitte or any matter related to this (including those for ‘registration’, ‘verification’ or ‘security deposit’) or otherwise engages with any such person who has made or makes fraudulent promises or offers, does so (or has done so) entirely at their own risk. Deloitte takes no responsibility or liability for any such unauthorized or fraudulent actions or engagements. We encourage jobseekers to exercise caution.