Job Information
Avangrid Supervisor - Cybersecurity Ops Center in Orange, Connecticut
Supervisor - Cybersecurity Ops Center
Company: AVANGRID SERVICE COMPANY
Location:
Orange, CT, US Portland, ME, US Rochester, NY, US
About AVANGRID: AVANGRID, Inc. (NYSE: AGR) aspires to be the leading sustainable energy company in the United States. Headquartered in Orange, CT with approximately $40 billion in assets and operations in 24 U.S. states, AVANGRID has two primary lines of business: Avangrid Networks and Avangrid Renewables. Avangrid Networks owns eight electric and natural gas utilities, serving more than 3.3 million customers in New York and New England. Avangrid Renewables owns and operates a portfolio of renewable energy generation facilities across the United States. AVANGRID employs approximately 7,000 people and has been recognized by Forbes and Just Capital as one of the 2021 JUST 100 companies - a list of America's best corporate citizens - and was ranked number one within the utility sector for its commitment to the environment and the communities it serves. The company supports the U.N.’s Sustainable Development Goals and was named among the World’s Most Ethical Companies in 2021 for the third consecutive year by the Ethisphere Institute. For more information, visit www.avangrid.com (https://www.avangrid.com/wps/portal/avangrid/home)
Purpose
The Supervisor of Incident Response is responsible for developing Incident Response plans and playbooks, coordinating with regulatory authorities, tracking regulatory developments, maintaining close ties to government and local law enforcement, and managing a team of threat hunters, intelligence analysts, forensic analysts and incident response experts.
A candidate for the Incident Response Supervisor should be one who strives for continuous improvement, staying on top of the latest developments in the cyber threat landscape, building and maintaining strong internal and external relationships, and who is able to work long or unpredictable hours in the event of an incident. Furthermore, they must exhibit calm and rational decision making under pressure and be able to develop their team to also maintain level-headed calm in high stress situations.
The Incident Response team will consist of Threat Hunting, Intelligence, Forensics, Investigative, and Detection, Isolation and Eradication functions. These areas require partnerships with Operational, Field, IT, and Corporate Physical, Cyber and Intelligence teams for coordination and collaboration. As such, Emotional Intelligence, Communication, Interpersonal Relationship Building and Integrity are core competencies that the Incident Response Supervisor should exhibit.
Responsibilities
Manage a team to perform and involve themselves directly, when necessary, in the following:
•Prepare and maintain Incident Response documentation, including, but not limited to: Incident Response Plan, Communications templates, Playbooks, Recovery hand-off templates, Post-mortem reports and Threat Briefs
•Visit sites and document assets and configurations
•Leverage and understand active and passive discovery and monitoring tools in a safe and secure manner
•Establish and maintain repositories for data logs, data flows, incident response documentation, threat reports and historic investigations
•Establish a thorough process for a chain of custody for investigation related materials
•Use hashing and other tools to demonstrate integrity of data for materials processed throughout the investigation lifecycle
•Coordinate with Cyber Security Operations Center and support investigation escalations
•Coordinate with Corporate Intelligence team on threat reports and investigations
•Coordinate with Corporate Physical Security on cyber impacts of physical intrusions
•Coordinate with Corporate Cyber Security on cyber issues that may impact the OT area
•Coordinate with local and federal law enforcement for preparatory actions, threat briefs, and incident support
•Coordinate with Field teams for site visits and supporting secure ICS architecture
•Coordinate with OT Cyber Recovery for Incident closeout
•Coordinate with Third Parties for log reviews, threat hunting, forensic retainers, secure engineering and intelligence reports
•Understand the Cyber-informed Consequence-driven Engineering approach to Cybersecurity
•Perform Crown Jewels analysis and Attack Chain evaluations
•Perform proficient forensic analysis using security tools, scripts and data repositories
•Perform detailed investigation and response activities to assist in identification, containment, eradication, and recovery actions for potential security incidents
•Analyze complex malware through endpoint and network traffic forensics to determine if AVANGRID systems are impacted
•Leverage scripting techniques for log analysis and aggregation
•Recommend implementation of countermeasures or mitigating controls
•Create and continuously improve standard operating procedures for islanding, network segmentation and leveraging container technologies for threat isolation
Direct responsibilities include:
•Lead incident response when an event rises to the level of incident and collaborate with other key business response contacts
•Travel as necessary to visit sites, meet with local and government law enforcement personnel, coordinate with other business units, and work with the other OT Cybersecurity areas
•Develop metrics and reporting data for presentation at executive levels in the organization
•Able to work early or late hours and weekends in the pursuit of addressing and remediating incidents
•Mentor staff in cybersecurity techniques and processes
•Must comply with any regulatory requirements
Competencies
Be a role model
Be agile
Collaborate and Share
Develop Self & Others
Empower to grow
Focus to achieve results
Technical Skills
Skills and Requirements
Education & Experience Required:
•Associate’s Degree in Computer Science or related program with 10+ years relevant work experience in security information technology or incident response
•Bachelor’s Degree in Computer Science or related degree with 6+ years relevant work experience in security information technology or incident response
•Master’s Degree in Computer Science or related degree with 4+ years relevant work experience in security information technology or incident response
•Proven record of leadership ability
•Certification(s) in cyber monitoring tools, general cybersecurity-related certifications (ITIL Incident Management, ECIH, CEH, CHFI, CISSP, etc.) or related coursework
Preferred Education and Experience:
•Four or more years in a leadership role
•Prior experience in Computer Incident Response team (CIRT)/Computer Emergency Response team (CERT)
•Familiarity with NIST documentation and standards
•Prior Experience in an Incident Response or similar Cybersecurity area
•Proven record of relationship building
•SANS certification such as GCIH, GICSP, GRID, GREM, GCFA, GNFA or related
•Experience with scripting languages such as Python, Perl, PowerShell
•Experience in network security monitoring, network packet analysis, host and server forensics
Skills / Abilities:
•Understanding of common industry-standard as well as open-source Network and/or Host IDS/IPS, Intelligence, Logging, and Forensic tools
•Understanding of MITRE ATT&CK framework
•Able to manage self and others under stress
•Strong networking knowledge – TCP/IP protocols, OSI model, Firewalls, other networking devices
•Strong case management and forensic procedural skills
•Strong customer service skills and relationship building skills
•Strong analytical and decision-making skills – ability to analyze and think out of the box to take initiative and ownership when working a security event
•Self-motivated, methodical and detail oriented
•Familiarity with regulatory requirements such as NERC/CIP, Privacy, SOX etc. (preferred)
•Utility / ICS Industry experience (preferred)
Mobility Information
Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country
Avangrid employees may be assigned a system emergency role and, in the event of a system emergency, may be required to work outside of their regular schedule/job duties. This is applicable to employees that will work in Connecticut, Maine, Massachusetts, and New York within AVANGRID Network and Corporate functions. This does not include those that will work for Avangrid Renewables.
AVANGRID’s employment practices and policies are geared to hiring a diverse workforce and sustaining an inclusive culture. At AVANGRID we provide fair and equal employment and advancement opportunities for all employees and candidates regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status, disability, protected veteran status or any other status protected by federal, state, or local law. Learn more about equal employment by following this link (https://www.eeoc.gov/employers/upload/poster_screen_reader_optimized.pdf)
If you are an individual with a disability or a disabled veteran who is unable to use our online tool to search for or to apply for jobs, you may request a reasonable accommodation by contacting our Human Resources department at 203-499-2777 or careers@avangrid.com