
Cyber Security Architect/Engineer II

Honeywell Aerospace • 
Duluth, Georgia, United States
Position Type: Permanent
Job Description:

WHY HONEYWELL?
Honeywell changes the way the world works.

For more than 130 years, we've solved the toughest customer challenges through a rare combination of our industrial expertise and our innovations in groundbreaking software and technology, and industry-leading automation.

This perfection is built on a foundation of inclusion, diversity and driving a performance culture that values integrity and ethics.

Are you ready to help us make the future?

This position will be a part of the Industrial Cyber-Security team and will participate in delivering and developing cyber security services for a wide range of industrial global customers. The position will have a direct reporting relationship to the Global Security Operation Center Manager and Incident Response Lead and work as part of a global managed services team. The position requires very good cyber security knowledge, excellent analytical skills and proficient handling of specific tools such as SIEMs and Security Orchestration, Automation and Response platforms. A successful candidate would be able to evaluate security incidents, determine true positive situations within an environment, and provide context enrichment before escalation to the Level 3 Cyber Security Incident Response team as needed.

Monitors the SIEM, trouble tickets / email notifications and in-person escalations, and logs from ICS infrastructure components (SCADA, HMI, PLC, RTU, Control Servers), applications or network devices such as switches, firewalls, IDS/IPS;
Designs, implements and tests Security Orchestration, Automation and Response processes and procedures;
Develops SOAR playbooks and troubleshoots automation capabilities;
Examines escalated tickets to determine whether they are true positives or false positives;
Performs malware analysis, threat hunting and threat modeling activities;
Assists forensic investigations by providing reports and other information;
Reviews and suggests improvements to the control deployment process and installation procedures;
Develops and documents remediation recommendations for business owners to improve the control environment in which a security incident occurs. Recommendations must be easily understood by non-technical staff;
Provides recommendations and direction on the tuning of signatures, rules, alerts, parsers, and custom scripts within the monitoring solutions;
Participates in root cause analysis and helps with the orchestration of remediation;
Understands defense in depth strategies and applies them to the Client's environment;
Creates and disseminates security related notifications for internal staff (for example: trends, developments, changes in capabilities);
Acts as the L2 escalation layer in the SOC;
Mentors Level 1 SOC Analysts;
Creates manuals, guides and knowledge base entries;
Keeps abreast of the latest security and privacy legislation, emerging threats, regulations, advisories, alerts, and vulnerabilities pertaining to the HCE OT IR SOC and its customers.

U.S. PERSON REQUIREMENTS
Due to compliance with U.S. export control laws and regulations, candidate must be a U.S. Person, which is defined as, a U.S. citizen, a U.S. permanent resident, or have protected status in the U.S. under asylum or refugee status.

YOU MUST HAVE:

Bachelor's degree in a computer related field such as Computer Science, Computer Information Systems or Electronics;
Minimum of 2 years' experience in the cyber security industry;
Minimum of 5 years' experience in Information Technology;
Strong diagnostic and analytical skills, including problem solving, troubleshooting, management of priorities and self-direction to resolve complex issues;
Effective written and verbal skills to enable strong communication;
Information Technology certifications: ITIL Foundations;
Security certifications: CCNA, CompTIA Security+, GCIH, or other similar certifications;
Experience automating tasks and integrating systems with Python;
Experience with SIEM platforms and logging solutions.

WE VALUE:

GCFA, CEH or other similar certifications;
Understanding of advanced SOAR methodology;
Understanding of ICS communication protocols such as Modbus, Profibus, DNP3, S7comm and others.

(Job and company information not to be copied, shared, scraped, or otherwise disseminated/distributed without explicit consent of JSfirm, LLC)

JSfirm, LLC

Roanoke, TX

jobs@jsfirm.com

All rights reserved. 2001-2024 JSfirm