Senior Plant Floor Detection and Response Analyst

Job Number: 14405
Location(s): Minneapolis, MN

General Mills is reshaping the future of food. We believe food makes us better. It nourishes our bodies, brings us joy and connects us to each other. As one of the world’s leading food companies, General Mills operates in more than 100 countries and markets more than 100 consumer brands, including Cheerios, Nature Valley, Betty Crocker, Yoplait, Annie’s Homegrown, Old El Paso, Epic Provisions, Blue Buffalo and more. Are you passionate about the future of food? You’ve come to the right table. We want the very best talent to help lead something big.

Job Details

Overview & Responsibilities

OVERVIEW

This role is responsible for leading the overall development and implementation of General Mills’ cyber security detection and response procedures and technologies for plant floor systems and ensuring the Cyber Security Incident Response Team (CSIRT) is prepared to perform investigations safely, efficiently and effectively on plant floor systems. As part of the Detection and Response team, this role develops plant-floor-focused detective controls, executes threat hunts, and handles incidents escalated from CSIRT.

RESPONSIBILITIES

  • Develop and document processes and procedures for responding to plant floor cybersecurity incidents and train others on the process
  • Create detection rules using existing technology to detect cybersecurity incidents in the plant floor environment
  • Develop methodology for threat hunting in the plant floor environment
  • Partner across Cyber Security & Controls Engineering to implement changes and tools to improve our ability to detect incidents
  • Handle escalations of cybersecurity incidents in the plant floor environment
  • Work with others in the detection and response team to improve our ability to detect and respond to cybersecurity incidents
  • Build and test detective controls
  • Participate in monthly threat hunts
  • Assist with support tools for detection and response
  • On-call, once a month, for escalations from CSIRT
  • Maintain existing and develop new contacts within the candidate’s professional network of cyber security peers and leading security consultants/vendors.
  • Continuously develop knowledge of evolving best practices through peer benchmarking, industry events/associations, and educational opportunities.
  • Leverage partnerships and relationships to benchmark existing and proposed cyber security solutions.

Qualifications

MINIMUM QUALIFICATIONS

  • Associate’s Degree
  • 5 years in a related field (e.g. ICS, Cybersecurity, IT)
  • Background in incident response processes and tools to detect, analyze, respond and contain cyber security threats quickly and correctly.
  • Familiarity with Unix and Windows operating systems and administrative tools
  • Knowledge of tools and techniques used by attackers to gain unauthorized access to systems.
  • Prior experience with information security and associated technologies, including boundary protection (e.g. firewalls, proxies, IDS/IPS), endpoint protection, remote access, and security information and event management.
  • Demonstrated success working closely with leaders, including influencing without direct authority.
  • Demonstrated ability to get things done both independently and in a collaborative, team-oriented environment.
  • Able to independently drive structure out of ambiguity, connect dots across disparate insights, and structure synthesized output.

PREFERRED QUALIFICATIONS

  • Bachelor’s Degree
  • Hands-on experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Human Machine Interfaces (HMIs) and industrial networking devices
  • Well-versed in various control frameworks, including IEC 62443, NERC CIP, NIST
  • Fundamental understanding of IT and OT network communication protocols (for example: TCP/IP, EtherNet/IP, CIP, Modbus, OPC, OPC UA, PROFINET, etc.)
  • Experience in forensic techniques used to analyze threats (including malware), to extract key indicators of attack and compromise.
  • Experience with automating and scripting processes.

