Cyber Security Analyst
Business Unit: Information Technology
Requisition Number: 226592
Primary Location: United States-Illinois-Buffalo Grove
Assignment Category: Full-time regular
Experience Level: Mid level
Education Required Level: Associate's Degree / College Diploma
Travel Required: 5%
Siemens is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationally for more than 165 years. As a global technology company, Siemens is rigorously leveraging the advantages that this setup provides. To tap business opportunities in both new and established markets, the Company is organized in nine Divisions: Power and Gas, Wind Power and Renewables, Energy Management, Building Technologies, Mobility, Digital Factory, Process Industries and Drives, Healthineers and Financial Services.
Our support functions are split into two organizations, Corporate Core and Corporate Services. These organizations provide essential services to better enable responsible and profitable growth.
For more information, please visit: http://www.siemens.com/businesses/us/en/
The Cyber Security Analyst will be part of the Cyber Defense Center for the Americas (CDC), which is tasked with the primary mission to detect, analyze, investigate, and defend against sophisticated digital attacks.
In this position, the Cyber Security Analyst will report to the Head of the Cyber Defense Center for the Americas and be part of the Threat Detection and Analysis team. The Cyber Security Analyst will work alongside peers and actively contribute to alert triage, investigations, and provide input to different approaches to threat detection and response.
The analyst will be expected to contribute to the following activities:
• Correlate actionable security events from various log sources which either feed or supplement the Security Information and Event Management (SIEM) solution
• Review threat data from various sources, and develop custom signatures for open source Intrusion Detection Systems (IDS) or other custom detection capabilities
• Perform network traffic analysis
• Employ advanced forensic tools
• Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats
• May conduct malware analysis of attacker tools providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols
• Interface with remote team members located across the globe
Required Knowledge/Skills, Education, and Experience:
• Associate degree in a Computer Science/Engineering or Information Technology related field required, Bachelor’s degree preferred
• 5+ years of successful work experience in IT technologies including networking, operating systems, or a related field
• Knowledge of networking protocols (such as TCP, UDP, DNS, FTP, SMTP, DHCP, etc.)
• Knowledge of Windows operating system functionality (file system structure, registry keys, scheduled tasks, processes, services, memory management, data storage, etc.)
• Capable of learning new concepts and processes quickly, and adapting to a constantly changing environment
• Ability to apply advanced skill set to resolve complex problems
• Excellent analytical and critical thinking skills
• Excellent interpersonal and communication skills (verbal & written)
• Team player
• Required Travel: <10%
Preferred Knowledge/Skills, Education, and Experience:
The following knowledge/skills, education, and experiences are preferred but NOT required to be considered for this position:
• Experience managing an investigation; understanding the methodologies for investigative triage, case/investigation definition, etc.
• Application of common Cyber Security concepts including Intrusion Detection Systems, Host Intrusion Prevention Systems, and Anti-Virus Solutions
• Understanding of the Windows File System structure, and ability to recover deleted files, search hidden files, and access registry keys
• Knowledge of Operational Security (OpSec) principles for cyber operations with an emerging understanding of the relationships between the cyber domain disciplines
• Ability and experience capturing and analyzing volatile (in-memory) data
• Experience with network signature development with tools such as SNORT, NetFLOW, WireShark, tcpdump or related tools
• Experience with central log collection, indexes, searching and analysis
• Ability to interpret logs in the context of security events/intrusions and make accurate conclusions
Qualified Applicants must be legally authorized for employment in the Unites States. Qualified Applicants will not require employer sponsored work authorization now or in the future for employment in the United States.