Expert Incident Response Analyst (Concord, CA, US, 94518)

Pacific Gas And Electric Company Test

Requisition ID: 79382

Job Category: Information Technology

Job Level: Individual Contributor

Business Unit: Information Technology

Job Location: Concord

Department Summary

The Cybersecurity function is led by PG&E’s Senior VP and Chief Information Officer and is responsible for cybersecurity and risk management across the organization.


The Security Intelligence and Operations Center (SIOC) is responsible for ensuring that PG&E proactively identifies and assesses threats to its user and operational network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.


Position Summary


This is a challenging and fast-paced position in PG&E's Security Intelligence and Operations Center (SIOC), which is responsible for detecting, analyzing and responding to any suspicious cyber security activity across PG&E's business and operational networks. The SIOC is a critical team within PG&E's broader Information Security team.


Job Responsibilities


  • Utilizes digital forensic tools including Guidance EnCase to execute digital investigations and perform incident response activities
  • Conduct investigations of computer-based events and other security issues
  • Establishes links between suspects and other violators by piecing together evidence uncovered from a variety of sources
  • Establishes and maintains defensible evidentiary process for all investigations
  • Uses & maximizes relevant investigative tools, software and hardware
  • Experience with / daily use of EDR
  • Familiarity with cloud service providers (AWS) and associated security tools desired
  • Collection and examination of images of various platforms/devices (including Windows, Mac, mobile devices)
  • Coordinates with IT to leverage skills and resources in support of investigations
  • Advances the practice and science of information security investigation
  • Perform hunting for malicious activity across the network and digital assets
  • Respond to computer security incidents and conduct threat analysis
  • Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network
  • Perform detailed investigation and response activities for potential security incidents
  • Provide accurate and priority driven analysis on cyber activity/threats
  • Perform payload analysis of packets
  • Perform dynamic analysis on suspected malware samples
  • Recommends implementation of countermeasures or mitigating controls
  • Ensures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment
  • Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity
  • Develop innovative monitoring and detection solutions using PG&E tools and other skillsets such as scripting
  • Mentor junior staff in cybersecurity techniques and processes
  • Resolve or coordinate the resolution of cyber security events
  • Maintain incident logs with relevant activity
  • Document investigation results, ensuring relevant details are passed to senior analysts and stakeholders
  • Participate in root cause analysis or lessons learned sessions
  • Write technical articles for knowledge sharing
  • Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the Information Technology organization, as well as business units

Minimum Qualifications

  • High school diploma or equivalent
  • 6 years of related IT work experience, including information security work in incident response/forensics or equivalent functions within a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or Security Operations Center (SOC)

Desired Qualifications

  • Bachelor's degree in Cybersecurity, Intelligence, or a related field or equivalent work experience; or a combination of education, training, and relevant work experience
  • Formal IT Security/Network Certification such as WCNA, CompTIA Security+, Cisco CCNA, SANS GCIH, GMON, or other relevant Cyber Security certifications
  • Utility Industry experience
  • SANS GIAC Certified Forensic Analyst (GCFA), SANS GIAC Certified Forensic Examiner (GCFE), SANS GIAC Reverse Engineering Malware (GREM) or related degree
  • Experience with scripting in Perl/Python/Ruby/PowerShell
  • Experience with both desktop-based and server-based forensics
  • Malware reverse engineering skills


Knowledge, Skills, and Abilities/Technical Competencies:

  • Previous experience with a variety of cyber investigation tools
  • Strong technical skills including malware analysis, memory forensics, live response techniques, registry analysis, scripting, and other relevant technical security skills
  • Experience investigating and mitigating APT-style attacks
  • Strong case management and forensic procedural skills; intelligence-driven defense utilizing the Cyber Kill Chain
  • Deep knowledge of log, network, and system forensic investigation techniques
  • Deep knowledge of diverse operating systems, networking protocols, and systems administration
  • Deep knowledge of commercial forensic tools – working knowledge of Axiom preferred
  • Deep knowledge of common indicators of compromise and of methods for detecting these incidents
  • Deep knowledge of IT core infrastructure and cyber security components/devices
  • Deep knowledge of TCP/IP Networking and knowledge of the OSI model
  • Significant experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs
  • Excellent problem-solving, critical thinking, and analytical skills; ability to deconstruct problems
  • Strong customer service skills and decision-making skills
  • Significant experience with packet analysis (Wireshark) and malware analysis preferred
  • Working knowledge of PG&E infrastructure preferred
  • IBM QRadar experience preferred