National Grid Senior US CSIRT Analyst - Security Operations in Northboro, Massachusetts
National Grid is seeking an innovative and experienced Senior US CSIRT Analyst to join our world-class cybersecurity team in Northboro, MA.
Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry.
To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business.
We Offer the following Benefits
• High 401(k) company match
• Help with Student Loan payback
• Tuition Assistance and Rewards
• Comprehensive Discount program including electric vehicles
• Pet Insurance
• Adoption Assistance
• A highly skilled team to work and learn from
• Multiple Avenues for On-Demand Training
• Commitment to promoting from within
• Several Employee Resource Groups including Women in Non-Traditional Roles
Work Life Balance
• Excellent Healthcare and Dental Insurance
• HSA plan with company seed
• Generous Paid Time Off and Parental Leave
• Caregiver program
• Employee Assistance Program
To act as the global technical security engineering and design authority accountable for aligned portfolios within cyber security operations. To help detect and defend against cyber criminals and advanced threat groups by discovering and analyzing cyber threat information to produce actionable intelligence that enhances situational awareness of threats.
Provide technical governance, oversight and direction for the overall security service, solution design and implementation compatible with the target state operational security architecture.
Deliver analysis of the business estate, security systems administration, current threat containment posture and recommendations on more appropriate and effective security management to improve the visibility and quantification of security risks in networks, applications and infrastructure.
Deliver real-time proactive monitoring and maintenance of supported security tools and associated rules and signatures alongside tracking detail for producing metrics.
Work within current change management processes to apply patches and provide first-line support for supported security tools.
Feed intelligence and indicators of compromise to security incident management during P1 and P2 incidents to support the incident management process via triage on security events.
Carry out penetration testing across multiple environments, including web application, infrastructure and mobile platforms.
Produce actionable intelligence for colleagues and business areas in the form of threat advisories, briefings, a threat attribution database and tactical data feeds.
Knowledge & Experience Preferred
• Relevant work experience in Cyber Security Operations, specifically monitoring, detection and incident response duties. Minimum 3 years' experience required.
• Experience with monitoring and operating SIEM, EDR and IDS/IPS solutions alongside other critical monitoring toolsets.
• Demonstrated ability to coordinate and respond to security incidents using commercial and/or open source technologies.
• Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs).
• Comprehension of how attacks exploit operating systems and protocols.
• Degree or demonstrable equivalent experience; relevant industry certifications such as GIAC, CEH, CISSP or SANS are a plus.
• Experience in at least one development language and in common scripting languages such as Python, Ruby, Lua, PowerShell or Bash.
• In-depth knowledge of two or more tools or domains encompassing SIEM, NIDS/NIPS, HIDS/HIPS, endpoint security toolsets, DLP, SCADA/ICS environments, the CBEST framework and network security technologies.
• Knowledge of desktop and server operating systems, with associated network packet and log analysis experience using open source and COTS penetration testing tools including Nmap, Nessus, Metasploit, Kali Linux and Burp Suite Pro.
• A good understanding of the OSI stack and the protocols at layers 1–7, including SNMP, HTTP, VPN and 802.11, alongside cloud-based architectures including Azure, AWS and OpenStack.
• 5 years working in a threat intelligence role with experience in cyber security, including familiarity with multiple operating systems, platforms, protocols and security defenses.
• Experience of risk identification and remediation within a global SOC environment, including OSINT and social engineering engagements.
• Experience of industrial control and critical national infrastructure environments (ICS/SCADA/CNI).
This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.