Van Buren Twp MI
Full Time Posted: Monday, 13 May 2013
Applicants must be eligible to work in the specified location
Job Number: 1754400
Business: GE Corporate
Business Segment: Corporate IT and Initiatives

About Us: At GE, ensuring the security of our data is, and always will be, a top priority. That's why we hire the best and brightest experts in the information security field. If you are looking for a challenging career on the cutting edge of security and technology, with an opportunity to be a part of a diverse, dynamic and global team, then GE's Information Security Technology Center in Glen Allen, VA is the place for you! Join our GE team today, where you'll find endless learning opportunities to make the most of your talents. Our culture of innovation and imagination, coupled with industry leaders who will inspire you, makes GE an exciting place to grow your career.

Posted Position Title: Senior Analyst - Information Security, Detection Operations
Career Level: Experienced
Function: Information Technology
Function Segment: Information Security
Location: United States : Michigan
City: Van Buren Twp
Postal Code: 48111-5711
Relocation Assistance: No

Role Summary/Purpose: GE is an equal opportunity employer, offering a great work environment, challenging career opportunities, professional training and competitive compensation.

The Senior Analyst - Detection Operations will primarily work to develop signatures to detect APT and other threat actors for deployment to a variety of tools within the GE network and will also be responsible for leading and working on projects that will support tactical and strategic business objectives. Demonstration of leadership abilities in a large corporate environment as well as a strong comprehension of malware, emerging threats and calculating risk will be critical to success.

    Essential Responsibilities:

  • Create and implement enterprise-class intel-driven detection strategies
  • Architect, develop and maintain detection oriented tools and applications to automate daily operations
  • Perform daily response operations, with a schedule that may involve nontraditional working hours
  • Specialize in network, host and log centric analysis (Network Security Monitoring, SIEM, HIPS, HIDS, etc.)
  • Ability to identify compromised computers using logs and other related computer centric evidence sources
  • Write signatures, tune systems and tools and develop scripts and correlation rules
  • Lead medium to large size projects as directed by management
  • As requested, develop and deliver metrics to leadership

    Qualifications/Requirements:

    Basic Qualifications:

  • Bachelor's Degree in Computer Science or a related technical degree, or minimum 4 years of IT experience
  • Minimum 5 years of experience in the information security field
  • Minimum 5 years of scripting or programming experience

    Eligibility Requirements:

  • Due to U.S. Government restrictions to certain types of technology and technical data involved with this position as well as the need to periodically visit domestic military bases to consult with DoD personnel on Extranet tools, this position is limited to U.S. Citizens
  • GE will only employ those who are legally authorized to work in the United States. Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen
  • Must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act
  • Must be willing to work off-shift hours

    Additional Eligibility Qualifications:

    GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen.

    Desired Characteristics:

  • CISSP, CISM or related SANS certifications preferred
  • Active US government security clearance
  • Experience with host-centric tools or other forensic software and techniques
  • Working knowledge of secure communication methods, including Secure Shell, SILC and PGP/GPG
  • Strong oral and written communication skills
  • Detailed understanding of Cyber Crime and/or APT and associated tactics
  • Expert level experience in Network Security Monitoring practices, with direct hands-on experience with one or more NSM related technologies: Security Onion, Snort, Bro, Sguil, Snorby, or similar
  • Experience with host-based detection and IR technologies such as McAfee ePO, OSSEC, Yara, MIR, CarbonBlack, Tanium, HBGary ActiveDefense or similar
  • Experience with SIEM, log aggregation and correlation engine tools such as Splunk, ELSA, ArcSight
  • Experience with Python and Object Oriented software development practices in Python
