National Grid Penetration Test and Red Team Analyst in Waltham, Massachusetts
_About the Position:_
The Penetration Test and Red Team is part of the Cyber Security Operations department within Digital Risk and Security, and supports the Digital Risk and Security team’s global operations by identifying vulnerabilities via standard penetration testing assessments and identifying threats posing a genuine risk to National Grid via red team / purple team tests that replicate behaviours of threat actors, assessed by Government and commercial intelligence providers. This information will enable National Grid to proactively adjust its defensive posture.
We are seeking an individual to be part of the team, to help as it grows with maturity. The team will carry out penetration testing across a number of environments including web app, infrastructure and mobile platforms. In addition, you will performing red team exercises based on Cyber Threat Intelligence.
The role offers some exciting opportunities including the potential to work with the operational technology research lab, and investigating in more detail vulnerabilities and techniques that could impact critical national infrastructure. There is also the potential for training and conference attendance.
*Knowledge, Experience & Technical Know How**(including but not limited to): *
o Ideally we would like 3 years of hands on Penetration Testing of web applications and infrastructure experience
o Experience of using Open Source and COTS for penetration testing which could include Nmap, Nessus, Metasploit, Kali Linux, Burp Suite Pro and similar
o OSINT and social engineering engagement experience
o Red Team experience
o Experience in common scripting languages such as Python, Ruby, LUA, Powershell or BASH
o Experience in at least one development language e.g. Java, C, C# or similar
o A good understanding of the OSI stack and the various protocols from layer 1 – 7 including SNMP, HTTP, VPN, 802.11.
o Good appreciation of other security roles such as intelligence, vulnerability and patch management, Risk, auditing, Awareness and Security Architecture
o A good understanding of Cloud based architectures including Azure, AWS and OpenStack
o Excellent communication skills with the ability to communicate at a technical and business user level
o Ability to incorporate testing results into a report.
o Able to work in both waterfall and agile software delivery projects
o Good understanding of Industrial control systems including SCADA
o Good understanding of the Energy industry
o Computer Science, Mathematics, Engineering or Security related degree (or higher)
o CBEST framework experience
_Qualifications Required:Formal certification in one of the following:_
o CHECK Team Member
o CREST CERTIFIED Tester
o Cyber Scheme Team Member
o Tiger Scheme Team Member
o We might consider those with SANS GPEN and GWAPT
o College Degree in Computer Science or similar study
_Job Dimensions _
Willing to work out of hours or flexi time if there is a requirement
Ability to travel to different sites and potentially the UK.
/National Grid is an equal opportunity employer thatvaluesa broad diversity of talent, knowledge, experience and expertise. We foster a culture ofinclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to bean affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team./
Job: *IS DIgital Security & Risk
Organization: *IS Digital Security & Risk
Title: Penetration Test and Red Team Analyst
Requisition ID: 20181537