Troops to Energy Jobs

Job Information

National Grid Senior DFIR Analyst in Northboro, Massachusetts

About us

National Grid is hiring a Senior DFIR (Digital Forensics and Incident Response) Analyst for our security operations team in Northboro, MA.

Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry.

To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business.

Job Purpose

The Senior DFIR Analyst will provide expert advice and guidance on all matters concerning digital forensics and incident response. This role will provide a professional service concerning data preservation, collection, processing & extraction, production & review as well as reporting & expert opinion in support of National Grid Cyber Security Operations Centre (CSOC) incident response as well as Legal, Business Conduct, and Labor Relations (HR) IT Investigations. Additionally, the role requires an extensive knowledge of malware analysis techniques, persistence mechanisms, memory collection & analysis, IOC discovery, and code deobfuscation.

The Senior DFIR Analyst will be a subject matter expert in both e-Discovery and Cyber Security Incident Response investigations (especially hands on malware analysis) and must have an established knowledge in applying a vast array of cyber security and core forensics / malware analysis tools and techniques. The primary role of the Senior DFIR Analyst is to provide a complete response to all DFIR tasks exercising sound application of the electronic discovery reference model (EDRM) in the case of e-discovery and applying skills, knowledge and experience in all aspects of the incident response lifecycle. Mentoring and sharing information with junior members and the larger team will also be a critical component of this role.

National Grid boasts the following:


• High 401(k) company match

• Help with Student Loan payback

• Tuition Assistance and Rewards

• Comprehensive Discount program including electric vehicles

• Pet Insurance

• Adoption Assistance

Professional development

• A highly skilled team to work and learn from

• Multiple Avenues for On-Demand Training

• Commitment to promoting from within

• Several Employee Resource Groups including Women in Non-Traditional Roles

Work Life Balance

• Excellent Healthcare and Dental Insurance

• HSA plan with company seed

• Generous Paid Time Off and Parental Leave

• Caregiver program

Key Accountabilities

• Highly self-motivated, requiring little onsite management guidance outside the acclimation/orientation period

• Provide a complete response to all DFIR tasks

• Proactively provide technical mentoring to help others on the team, especially those who are junior Forensic and CSOC staff, in support of a sharing, positive, and inclusive environment with a view to enhancing the cyber response & investigation capabilities of the organization

• Hands-on malware analysis

• Provide technical advice and guidance to the organization, including expert opinion on matters concerning e-discovery and post incident investigation.

• Effectively engage organizational stakeholders across Security, Corporate Security & Legal to continuously improve investigation & response services

• Develop and leverage an advanced toolset to increase investigation & response capabilities.

• Creation of professional-looking, business-level process/procedure documentation and forensic reports

Knowledge Skills Abilities

• 3+ years of experience with the forensic analysis of Windows, Macintosh, and Linux operating systems as well as mobile platforms such as iOS and Android

• Demonstrated ability to coordinate and respond to security incidents using commercial and/or open source technologies.

• Malware analysis techniques including (but not limited to) infection vector determination, persistence mechanisms, propagation methods, IOC collection/sharing, script/code de-obfuscation and analysis, behavioral analysis, privilege escalation, lateral movement, etc.

• Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs).

• Knowledge of data science and interpretation of digital evidence.

• Knowledge of criminal legislation impacting digital evidence.

• Knowledge of data protection legislation and the rules governing personally identifiable information (PII).

• Experience of report writing and providing expert witness testimony.

• Ability to deconstruct and interpret program code, such as .NET Framework, PowerShell, JavaScript and Python.

• Solid understanding of networking protocols and infrastructure designs, including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption and load balancing.

• Advanced user of forensic applications: EnCase Endpoint Security, Nuix, Magnet Internet Evidence Finder, Linux forensic boot disks such as SIFT, DEFT and Helix, mobile device data capture & analysis tools such as MSAB Complete and Cellebrite 4PC, and memory forensic capture & analysis tools such as Redline and Volatility.

• Competent user of Endpoint Detection & Response (EDR) tools, Intrusion Detection & Prevention (IDP), Security Information & Event Management (SIEM), network analysis tools such as Wireshark, and malware reverse engineering sandboxes and toolkits such as Cuckoo, FLARE VM and REMnux


Technical qualifications should include but are not limited to:

• Degree in a computer-related discipline, preferably forensics

• EnCE and/or IACIS CFCE, or equivalent

• At least one of the following GIAC certifications, or equivalent: Reverse Engineering Malware (GREM), Certified Forensic Analyst (GCFA), Certified Forensic Examiner (GCFE), Network Forensic Analyst (GNFA), Cyber Threat Intelligence (GCTI) and Advanced Smartphone Forensics (GASF)

Job Dimensions:

• Deeply technical role which provides the business with thought leadership on innovative technical solutions.

• Provide technical mentoring and direction for CSOC staff as well as transient staff on attachment to CSOC from Graduate and Apprenticeship programs.

More Information

This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.

National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.