Information Security Incident Analyst

General Electric

(Glen Township)
Full Time
Job Posting Details
About General Electric
GE (NYSE: GE) is the world’s Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. GE is organized around a global exchange of knowledge, the "GE Store," through which each business shares and accesses the same technology, markets, structure and intellect. Each invention further fuels innovation and application across our industrial sectors.
Summary
The Incident Analyst will be part of a dynamic, growing team, planning, preparing, hunting for, and responding to cyber incidents stemming from internal and external threat actors. Demonstration of leadership abilities in a large corporate environment as well as a strong comprehension of malware, emerging threats and calculating risk will be critical to success. The role will work with direction from IR and company leadership.
Responsibilities
* Perform daily incident detection and response operations on a schedule that may involve nontraditional working hours; act as an escalation point for Information Security Event Analysts
* Specialize in network-centric analysis (NSM), host-centric analysis (live response, digital forensics), malware analysis, and/or log-centric analysis (SIEM)
* Ability to identify compromised computers using logs, live response, and related host-centric evidence sources
* The ideal candidate for this role will have strong analytical skills and the ability to clearly and concisely document findings in order to report and/or escalate cyber incidents to constituents
* Regularly collect host-based artifacts and perform forensic analysis of those artifacts to determine whether the asset has been compromised
* Write signatures, tune systems and tools, and develop scripts and correlation rules
Ideal Candidate
* 2+ years of experience detecting and responding to cyber intrusions
* 4-year degree in Computer Science or a related technical degree, or a minimum of 5 years of IT experience
* Due to U.S. Government regulations pertaining to the nature of this work, the employee must be a US citizen (non-Green Card holder). GE will require proof of status prior to employment
* Must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act
* Must be willing to work different time shifts in a 24/7/365 environment
Additional Eligibility Qualifications
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen.
Desired Characteristics
* GIAC certifications desired: GSEC, GCIH, GCFA, GSE
* An understanding of APT, cyber crime and other associated tactics
* Familiarity with scripting / programming (Python, Perl, C, etc.)
* Strong verbal and written communication skills
* Experience with host-based detection and prevention suites (McAfee EPO, OSSEC, Yara, MIR, CarbonBlack, Tanium, etc.)
* Experience with host-centric tools for forensic collection and analysis (SleuthKit, Volatility Framework, FTK, Encase, etc.)
* Experience with Network Forensics and/or Network Security Monitoring (NSM) tools (Snort, Bro-IDS, PCAP, tcpdump, etc.), SIEM tools (QRADAR, Splunk, Security Onion) and analysis techniques (alert, flow/session and PCAP analysis)
* Experience with malware and reverse engineering (dynamic and static analysis)
* Strong IT infrastructure background including familiarity with the following:
  * Networking (TCP/IP, UDP, routing)
  * Applications (HTTP, SMTP, DNS, FTP, SSH, etc.)
  * Encryption (DES, AES, RSA) and hashing algorithms (MD5, SHA-1, etc.)
  * System/application vulnerabilities and exploitation
  * Operating systems (Windows, *nix, and Mac)
  * Cloud technology (SaaS, IaaS, PaaS, O365, Azure, AWS) and associated digital forensics and incident response techniques
* CISSP, CISM or related SANS certifications preferred
* Active US government security clearance
* Experience with host-centric tools or other forensic software and techniques
* Experience with malware and reverse engineering
* Experience with host-centric detection and response skills
* Working knowledge of secure communication methods, including Secure Shell, SILC, and PGP/GPG
* Strong verbal and written communication skills