Glen Allen, Van Buren Township
The Staff Incident Responder will be part of a dynamic, growing team, planning, preparing, hunting for, and responding to cyber incidents stemming from internal and external threat actors. Demonstration of leadership abilities in a large corporate environment as well as a strong comprehension of malware, emerging threats and calculating risk will be critical to success. Finally, this role requires the ability to work with minimal direction from Incident Response and company leadership.
· Lead technical aspects of digital security incident detection and response, focusing on very unstructured incidents and high-risk events.
· Specialize in network-centric analysis (NSM), host-centric analysis (live response, digital forensics), malware analysis, and/or log-centric analysis (SIEM).
· Perform daily response operations with a schedule that may involve nontraditional working hours - act as an escalation point for Incident Responders.
· Write signatures, tune systems/tools, and develop scripts and correlation rules.
· Mentor and train Incident Responders as required.
· The best candidates for the role work well with other people and have strong verbal and written communication skills, a sense of diplomacy, and decision making skills to handle the often fast-paced role of an incident handler
· 4 year degree in Computer Science or a related technical degree, or equivalent IT experience
· Minimum of 6 years of total IT experience
· 1+ years of experience detecting and responding to cyber intrusions
· Legal authorization to work in the US is required. GE may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills.
· The best candidates for the role work well with other people and have strong verbal and written communication skills, a sense of diplomacy, and decision making skills to handle the often fast-paced role of an incident responder
· Detailed understanding of APT, Cyber Crime and other associated tactics including the Cyber Kill Chain and ATT&CK Framework
· Experience with host based detection and prevention suites (CrowdStike Falcon, McAfee EPO, OSSEC, CarbonBlack, Tanium, etc.)
· Experience with host-centric tools for forensic collection and analysis (SleuthKit, Volatility Framework, FTK, Encase, etc.)
· Experience with Network Forensics and/or Network Security Monitoring (NSM) tools (Suricata, Bro-IDS, PCAP, tcpdump, etc.) and analysis techniques (alert, flow/session and PCAP analysis)
· Experience with software development, scripting and related technologies preferred (Python, PowerShell, git, etc.)
· Experience with malware and reverse engineering (Dynamic and static analysis)
· Strong IT infrastructure background including familiarity with the following:
· Networking (TCP/IP, UDP, Routing)
· Applications (HTTP, SMTP, DNS, FTP, SSH, etc.)
· Encryption (DES, AES, RSA) and hashing algorithms (MD5, SHA-1, etc.)
· System/Application vulnerabilities and exploitation
· Operating systems (Windows, *Nix, and Mac)
· Familiarity with Cloud technology (SaaS, IaaS, PaaS)
· CISSP, SANs or other technical certifications preferred
· Active US government security clearance
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is anEqual Opportunity Employer . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Additional Eligibility Qualifications
GE will only employ those who are legally authorized to work in the United States for this opening.