Organization: Corporate Technology
Business Unit: Cybersecurity
Requisition Number: 246853
Primary Location: United States-Ohio-Milford
Assignment Category: Full-time regular
Experience Level: Entry level
Education Required Level: Associate's Degree / College Diploma
Travel Required: 5%
Siemens is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationally for more than 165 years. As a global technology company, Siemens is rigorously leveraging the advantages that this setup provides. To tap business opportunities in both new and established markets, the Company is organized in seven Divisions: Power and Gas, Power Generation Services, Energy Management, Building Technologies, Digital Factory, Process Industries and Drives, and Financial Services.
Our support functions are split into two organizations, Corporate Core and Corporate Services. These organizations provide essential services to better enable responsible and profitable growth.
For more information, please visit: http://www.siemens.com/us/en/home/company/about/businesses.html
The Cyber Security Analyst will be part of the Cyber Defense Center for the Americas (CDC), which is tasked with the primary mission to detect, analyze, investigate, and defend against sophisticated digital attacks.
In this position, you will report to the Head of the Cyber Defense Center for the Americas and be part of the Threat Detection and Analysis team. You will work alongside peers and actively contribute to alert triage, investigations, and provide input to different approaches to threat detection and response.
You will be expected to contribute to the following activities:
• Correlate actionable security events from various log sources which either feed or supplement the Security Information and Event Management (SIEM) solution
• Review threat data from various sources, and develop custom signatures for open source Intrusion Detection Systems (IDS) or other custom detection capabilities
• Perform network traffic analysis
• Employ advanced forensic tools
• Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats
• May conduct malware analysis of attacker tools providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols
• Interface with remote team members located across the globe
Required Knowledge/Skills, Education, and Experience:
• Associate degree in a Computer Science/Engineering or Information Technology related field required or equivalent experience will be considered.
• 2+ years of successful work experience in IT technologies including networking, operating systems, or a related field
• Knowledge of networking protocols (such as TCP, UDP, DNS, FTP, SMTP, DHCP, etc.)
• Knowledge of Windows operating system functionality (file system structure, registry keys, scheduled tasks, processes, services, memory management, data storage, etc.)
• Capable of learning new concepts and processes quickly, and adapting to a constantly changing environment
• Ability to apply advanced skill set to resolve complex problems
• Excellent analytical and critical thinking skills
• Excellent interpersonal and communication skills (verbal & written)
• Team player
• Required Travel: <10% (domestic and international)
Preferred Knowledge/Skills, Education, and Experience:
The following knowledge/skills, education, and experiences are preferred but NOT required to be considered for this position:
• Preference will be given to those with experience in analyzing and/or reversing malware
• Experience managing an investigation; understanding the methodologies for investigative triage, case/investigation definition, etc.
• Application of common Cyber Security concepts including Intrusion Detection Systems, Host Intrusion Prevention Systems, and Anti-Virus Solutions
• Understanding of the Windows File System structure, and ability to recover deleted files, search hidden files, and access registry keys
• Knowledge of Operational Security (OpSec) principles for cyber operations with an emerging understanding of the relationships between the cyber domain disciplines
• Ability and experience capturing and analyzing volatile (in-memory) data
• Experience with network signature development with tools such as SNORT, NetFLOW, WireShark, tcpdump or related tools
• Experience with central log collection, indexes, searching and analysis
• Ability to interpret logs in the context of security events/intrusions and make accurate conclusions
Qualified Applicants must be legally authorized for employment in the Unites States. Qualified Applicants will not require employer sponsored work authorization now or in the future for employment in the United States.