National Grid Senior DFIR Analyst in Northboro, Massachusetts
Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry.
To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business
The Senior DFIR Analyst will provideexpert advice and guidance on all matters concerning digital forensics and incident response. This role will provide a professional service concerning data preservation, collection, processing & extraction, production & review as well as reporting & expert opinion in support of National Grid Cyber Security Operations Centre (CSOC) incident response as well as Legal, Business Conduct, and Labor Relations (HR) IT Investigations.
The Senior DFIR Analyst will be a subject matter expert in both e-Discovery and Cyber Security Incident Response investigations and will have sound knowledge in applying a vast array of cyber security and core DFIR tools. The primary role of the Senior DFIR Analyst is to provide a complete response to all DFIR tasks exercising sound application of the electronic discovery reference model (EDRM) in the case of e-discovery and applying skills, knowledge and experience to CSOC in all aspects of the incident response lifecycle
• Highly self-motivated requiring little onsite management guidance outside of the acclimation/orientation period
• Provide a complete response to all DFIR tasks
• Proactively provide technical mentoring to help others on the team, especially those who are junior Forensic and CSOC staff, in support of a sharing, positive, and inclusive environment with a view to enhancing the cyber response & investigation capabilities of the organization
• Provide technical advice and guidance to the organization, including expert opinion on matters concerning e-discovery and post incident investigation.
• Effectively engage organizational stakeholders across Security, Corporate Security & Legal to continuously improve investigation & response services
• Develop and leverage advanced toolset to increase investigation & response capabilities.
• Creation of professional looking business level process/procedure documentation and forensic reports
• 3+ year’ work experience within CSOC incident response & e-Discovery Litigation.
• Demonstrated ability to coordinate and respond to security incidents using commercial and/or open source technologies.
• Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs).
• Knowledge of data science and interpretation of digital evidence.
• Knowledge of criminal legislation impacting digital evidence.
• Knowledge of data protection legislation and the rules governing personally identifiable information (PII).
• Experience of report writing and providing expert witness testimony.
• Experience of malware reverse engineering
• Solid understanding of networking protocols and infrastructure designs; including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
• 3+ years of experience with the forensic analysis of Windows, Macintosh, and Linux operating systems as well as mobile platforms such as iOS and Android
• Advanced user of Forensic applications: - Encase Endpoint Security, Nuix, Magnet Internet Evidence Finder, Linux Forensic boot disks such as SIFT, DEFT and Helix, mobile device data capture & analysis tools such as MSAB Complete and Cellebrite 4PC. Memory forensic capture & analysis tools such as Redline and Volatility.
• Competent user of Endpoint Detection & Response (EDR) tools, Intrusion Detection & Prevention (IDP), Security Information & Event Management, Network Analysis Tools such as Wireshark malware reverse engineering sandboxes such as Cuckoo, Flare & REMNux
Technical qualifications should include but are not limited to:
Degree in a computer related discipline
EnCE and / or IACIS CFE or equivalent
At least one of the following certifications: - SANS certified Forensic Analyst (GCFA), certified Forensic Examiner (GCFE), Reverse Engineering Malware (GREM), Network Forensic Analyst (NFA), Cyber Threat Intelligence (CTI) and Advanced Smartphone Forensics (ASF) or equivalent
This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team