About Us: GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
At GE Aviation, we are imagination at work. Whether we’re manufacturing components for our GEnx engines or driving innovation in fuel and noise reduction, the GE Aviation teams are dedicated to turning imaginative ideas into advances in aviation that solve some of the world’s toughest problems. Join us and you’ll find yourself in a dynamic environment where our ongoing, substantial investment in research and development keeps us moving forward and looking ahead. At GE, developing people is embedded in our culture and integral to our growth. Here you’ll work collaboratively and across functions with the highest caliber talent, utilizing cutting-edge technology and processes. Whether it’s the next generation of ecomagination products or the future of aircraft engines, we’ve got the state-of-the-art resources to make those innovations a reality. If you’re passionate about aviation and looking for a career rich with challenges and unlimited opportunities for growth and advancement, then join GE in reengineering the sky through aviation innovations that will impact the globe for generations to come.
GE is diversity. We aim to employ the world's brightest minds to help us create an unlimited source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles - people like you!
Role Summary: The Senior Incident Responder will be part of a dynamic, growing team, planning, preparing, hunting for, and responding to cyber incidents stemming from internal and external threat actors. Demonstration of leadership abilities in a large corporate environment as well as a strong comprehension of malware, emerging threats and calculating risk will be critical to success. Finally, this role requires the ability to work with minimal direction from Incident Response and company leadership.
• Considerable knowledge and demonstrable experience of Universal Forwarders, rsyslog and the deployment server; proficiency in Splunk's Search Processing Language (SPL).
• Understanding of developing dashboards and alerts in Splunk and able to write correlation rules for Splunk ES. Splunk system administration and management are key elements of this role.
• Responsible for configuring and administering security tools, and for analyzing and responding to various forms of security alerts to provide threat mitigation.
• Lead the technical aspects of digital security incident detection and response, focusing on highly unstructured incidents and high-risk events.
• Perform daily response operations on a schedule that may involve non-traditional working hours; act as an escalation point for Information Security Incident Analysts.
• Write signatures, tune systems/tools, and develop scripts and correlation rules.
• The best candidates for the role will work well with other people and have strong verbal and written communication skills, a sense of diplomacy, and the decision-making skills to handle the often fast-paced role of an incident handler.
• Engage in the day-to-day operational support of logging, auditing and alerting security systems.
• Maintain and apply software and hardware upgrades.
• Create, modify and review technical documentation (SOPs, support flows).
• Connect with support teams and client/business partners during incident resolution and root cause analysis/corrective action restoration processes.
• Implement identified infrastructure changes/operational processes related to S&C.
• Leverage expertise to provide feasibility analysis and implementation recommendations for operational service level improvements.
• Bachelor's or Master's degree in Computer Science or a related technical degree with substantial experience in digital technology, or equivalent knowledge and experience.
• Demonstrable experience detecting and responding to cyber intrusions in an Operational Technology (OT) environment.
• Splunk, SANS SEC503 / SEC504 certification(s).
• Experience with Microsoft, Unix and Mac OS environments.
UK Security Clearance (SC) is required and must be maintained for this role. Candidates who do not meet the minimum requirements for UK Security Clearance are not eligible for this role on grounds of national security. If UK Security Clearance is not obtained, any offer of employment may be withdrawn on grounds of national security.
We always welcome part-time or job share applications.
Applications from job seekers who require sponsorship to work in the UK are welcome and will be considered alongside all other applications. However, non-EU/EEA candidates may not be appointed to a post if a suitably qualified, experienced and skilled EU/EEA candidate is available to take up the post, as the employing body is unlikely, in these circumstances, to satisfy the Resident Labour Market Test. For further information please visit the UK Border Agency website.
Baseline Personnel Security Standard (BPSS) clearance is required and must be maintained for this role. Please note that in the event that BPSS clearance cannot be obtained, you may not be eligible for the role and/or any offer of employment may be withdrawn on grounds of national security. Please see the link below for further details regarding the requirements for BPSS clearance.
• Strong verbal and written communication skills.
• Detailed understanding of APT, cyber crime and their associated tactics.
• Strong track record of understanding and interest in recognized IT and OT security-related standards and technologies, demonstrated through training, job experience and/or industry involvement.
• Knowledge of and/or work on GE OT products (internal candidates only).
• Professional experience with Cyber Security, Operations Security, Product Security, Industrial Control Systems (ICS), Information Assurance and Information Technology.
• Strong IT infrastructure background, including familiarity with the following:
  • Networking (TCP/IP, UDP, routing)
  • Applications (HTTP, SMTP, DNS, FTP, SSH, etc.)
  • Encryption (DES, AES, RSA) and hashing algorithms (MD5, SHA-1, etc.)
  • System/application vulnerabilities and exploitation
  • Operating systems (Windows, *nix and Mac)
• CISSP, CISM or related SANS certifications preferred.
• Working knowledge of secure communication methods, including Secure Shell, S/MIME and PGP/GPG.