Showing posts with the label GE

Wanted: Incident Handler in Michigan

Do you know how to detect and respond to intruders in a multinational organization? Do you want to join a team with that mission? Are you an experienced information security professional who is looking for a challenge? If your answer to these three questions is yes, please consider applying for the last open Incident Handler role in GE-CIRT. In this role you will mentor intermediate and junior CIRT members and work with some of the best detection and response staff in the world. The role is located at our Advanced Manufacturing & Software Technology Center at Visteon Village, Van Buren Township, Michigan. By the end of the month, 19 of my team (about half of GE-CIRT) will be located there. (I have 2 new hires arriving within the next two weeks.) In addition to normal operations there, our extended team meets at the AMSTC facility regularly for training and planning sessions. If you would like more information on the role, apply for job 1259804 and I will revi...

Still Looking for Infrastructure Administrator for GE-CIRT

Two months ago I posted Information Security Jobs in GE-CIRT and Other GE Teams. I've almost filled all of the roles, or have candidates for all roles in play, with the exception of one -- Information Security Infrastructure Engineer (1147859). We're looking for someone to design, build, and run infrastructure to support GE-CIRT functions. As you might expect, we don't need someone with Windows experience. Beyond Unix-like operating systems, we are interested in someone with MySQL experience. You must be a US citizen who lives near our Michigan AMSTC or can relocate at your own cost. If you are interested, please visit www.ge.com/careers and apply for role 1147859. Thank you.

GE-CIRT Joins FIRST

I am pleased to announce that on Friday 19 March the Forum of Incident Response and Security Teams, or FIRST, accepted the General Electric Computer Incident Response Team, GE-CIRT, as a full member. This represents about a year of work for us. I am really proud of our team, especially since we reached initial operational capability on 1 January 2009. I would like to thank James Barlow and Rob Renew for sponsoring our application; Sarah Gori for leading our application process; David Bianco for helping Sarah with technical aspects of the process; and our security team members for assisting with meeting FIRST's criteria. If you are a member of an incident detection and response team but your team is not part of FIRST, please check out the membership process. I advocated joining FIRST for three reasons: Joining FIRST is a sign to the world that your team has reached a certain level of maturity, stability, and capability. The membership process itself will help focus your team...

Information Security Jobs in GE-CIRT and Other GE Teams

I'm hiring for my team (GE-CIRT) again. The following summarizes open positions:

1. Information Security Incident Handler (1145304); serious skills required
2. Information Security Incident Analyst (1147842); intermediate skills required
3. Information Security Event Analyst (1147849); extreme willingness to learn required
4. Security Assurance Team Senior Analyst (1147811); intermediate skills required
5. Security Assurance Team Analyst (1147853); extreme willingness to learn required
6. Information Security Infrastructure Engineer (1147859); serious Unix and open source system and database administration skills required

Roles 1-3 involve incident detection and response. Roles 4-5 involve threat analysis, Red-Blue teaming, and internal consulting. Role 6 supports team systems. All roles have a bias towards hiring into our beautiful Advanced Manufacturing and Software Technology System in Michigan. I already have five guys working there and expect to have at least a dozen more on our team work...

Embedded Hardware and Software Pen Tester Positions in GE Smart Grid

I was asked to help locate two candidates for positions in the GE Smart Grid initiative. We're looking for an Embedded Hardware Penetration Tester (1080237) and an Embedded Firmware Penetration Tester (1080236). If interested, search for the indicated job numbers at ge.com/careers or go to the job site to get to the search function a little faster. I don't have any other information on these jobs, so please work through the job site. Thank you.

Update Mon 16 Nov: As noted by Charlene in the comments below, the jobs are no longer posted. If I hear they are back I will post an update here.

Update Wed 18 Nov: I was just told the jobs are either open or will be soon. Thank you.

Incident Handler, Incident Analyst, Threat Analyst, and Developer Positions in GE-CIRT

My team just opened five more positions. These candidates will report to me in GE-CIRT.

- Information Security Incident Handler (1093498)
- Information Security Incident Analyst (two openings, 1093494)
- Cyber Threat Analyst (1093497)
- Information Security Software Developer (1093499)

These candidates will sit in our new Advanced Manufacturing & Software Technology Center in Van Buren Township, Michigan. We don't have any flexibility regarding the location for these positions, and all five must be US citizens. No security clearance is required however! If interested, search for the indicated job numbers at ge.com/careers or go to the job site to get to the search function a little faster. We are being deluged by applicants for the SIEM role, so your best bet is to apply online and let me find you after reading your resume. Thank you.

Security Information and Event Management (SIEM) Position in GE-CIRT

My team just opened a position for a Security Information and Event Management professional. This candidate will report to me in GE-CIRT but take daily direction from our SIM leader and our Lead Incident Handler. We're looking for a technical person who can not only administer our SIM, but also help our team implement our detection and response objectives and use cases in our SIM and related infrastructure. This candidate will sit in our new Advanced Manufacturing & Software Technology Center in Van Buren Township, Michigan. If interested, search for job 1087025 at ge.com/careers or go to the job site to get to the search function a little faster. I am available to answer questions on the role or forward them to our SIM leader. You can reach me by posting a comment here and providing an email address where I can contact you. Thank you.

GE Is Hiring in Michigan

In June in this post I linked to a speech that GE's CEO gave in Michigan. We're hiring about 1,200 people over the next few years, and the jobs are already appearing at gecareers.com. One of the jobs posted requests an IT Project Manager - Information Technology (Security). This candidate would work in a sister unit to our GE-CIRT doing Identity and Access Management (IAM). If this job looks interesting, please check it out. As other roles in our Corporate security group appear -- especially those in GE-CIRT -- I will let you know.

Still Blogging

When I announced I would join General Electric as Director of Incident Response in June 2007, I had to post a follow-up titled I'm Not Dead. That issue even made it onto Bill Brenner's radar. Two years later I'm still at GE, glad that as of 1 January this year we have a functional and growing Computer Incident Response Team (CIRT) manned by the best incident handlers and support staff you'll find anywhere. Sometimes work occupies time I would have previously spent blogging, reading, or writing. That's why you'll often see a flurry of blog posts when I have time on a weekend (or now, before a Company holiday). I've fallen far behind in my reading, and my writing is limited to articles. However, I will be collaborating with Keith Jones and team for Real Digital Forensics Volume 2, which should be cool. I don't have a schedule for other books beyond RDF2 at the moment. Richard Bejtlich is teaching new classes in Las Vegas in 2009. Late Las Veg...

I'm Not Dead

Several of you leaving comments, posting your own blog entries, and sending me email seem to think my job at General Electric means I am dead. I am not dead, God willing. Let me reprint the second-to-last paragraph from that post:

What about writing here, or articles, or books? My boss supports my blogging and writing. I have never made a practice of posting "Look what I found at this client!" and he does not expect me to start doing so at GE. You can expect to read more about the sorts of techniques I'm using to address security concerns but never incident specifics or any information which would compromise my relationship with GE. The same goes for articles and books. I plan to continue writing the Snort Report and eventually write the new works listed on my books page.

This blog has never been a site for "tell-all" activity. I don't discuss specifics about clients, or national security matters, or private information shared in a confidential ma...

Bejtlich Joining General Electric as Director of Incident Response

Two years ago this month I left my corporate job to focus on being an independent consultant through TaoSecurity. Today I am pleased to announce a new professional development. Starting next month I will be joining General Electric as Director of Incident Response, based near Manassas, VA, working for GE's Chief Information Security Officer, Grady Summers at GE HQ in Fairfield, CT. My new boss reads my blog and contacted me after reading my Security Responsibilities post five months ago. He has created the new Director position as a single corporate focal point for incident response, threat assessment, and ediscovery, working with GE's six business units and corporate HQ security staff. Grady reports to GE's Chief Technology Officer, Greg Simpson, and works closely with GE's Chief Security Officer, Brig Gen (USAF, ret) Frank Taylor. I will be building a team and I am pleased to have already met my first team member, a forensic investigator. I am very excited ab...