National Grid Vulnerability Management Engineering Manager in Waltham, Massachusetts
National Grid is hiring a Vulnerability Management Engineering Manager for our Security Group in Waltham, MA.
Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry.
To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business
As a leader in Vulnerability Management you will drive a program of technology and capability improvements, developed in partnership with Product Management, and operate a security operations function to provide assurance and assessment capability across US and UK territories. You will be responsible for leading and operating a team of highly technical individuals, coaching and supporting outstanding performance and leading by example to enable introduction of cutting edge technical cyber solutions and approaches.
Efficient operation of penetration testing services for stakeholders in US and UK, within agreed SLAs.
The engineering and delivery of technical VM capabilities as defined by, and agreed with, Product Management.
The operation of a vulnerability management process supported by a portfolio of vulnerability management technology and automation, to consistently and continuously discover and report critical vulnerabilities and security weaknesses.
Identify, evaluate and prioritise potential weaknesses in infrastructure using both manual and automated methods.
Support regional infrastructure teams in the remediation management of identified vulnerabilities, influencing prioritisation and execution of risk management initiatives, and drive remediation of process and technology gaps.
Responsible for the creation and delivery of actionable vulnerability and coverage reporting, both tactical and operational.
Incident handling of critical vulnerabilities as notified by Cyber Threat Intelligence, through direct discovery and third-party notification.
Impactful; delivering value through continuous improvement of products and services to secure our environment.
Responsibility forbuilding a team of high-performing security experts and creating a culture of technical excellence.
Collaborate with the business users, product owners, and engineering teams.
Ability to work both with engineers on a technical level, business stakeholders and manage vendor relationships.
Good understanding of vulnerability management principles, cyber threats, and risks, to inform decision making.
Supervisory/Interpersonal- Experience Required
In-depth knowledge & understanding of Penetration Testing, Red Teaming and Application Security: high level test methodologies, principles for scoping of engagements, basic threat modelling, utilisation of Mitre ATT&CK for classifying tactics and techniques, Secure Development Lifecycle principles, CI/CD integration of security controls.
Strong track record of leading engineering teams to deliver successful products
Adept at working with stakeholders at all levels to develop successfully solutions that meet business needs
A critical thinker with an analytical mind-set and adept at evaluating opportunities to reach goals
An agile mind-set with experience using agile frameworks
Knowledge of Regulatory/Legal requirements of NERC CIP, PCI DSS, UK CNI government accreditation useful
Experience of working with global teams and stakeholders
Bachelor’s degree in technical discipline (or relevant professional experience)
5+ years minimum experience in a technical security leadership role with responsibility for the operation of a technical cyber security control (or equivalent)
5+ years of Cyber security experience
5+ years of experience with Vulnerability Management in a large enterprise environment
Qualifications such as CISSP, CSSLP, CISM, SABSA Practitioner preferred
Security Qualifications such as SANs, CCNA, CCNP also strongly preferred
Strong knowledge and experience designing and implementing technical security solutions within the Vulnerability Management domain
Ability to present risks and propose countermeasures to senior technology executives (CISO, CTO).
Consultancy experience would be considered a plus
Agile working practices in a non-development setting preferred
Experience in CNI or Utility sector preferred
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team