About us National Grid is seeking an innovative, and experienced senior US CSIRT Analyst to join our World Class Cybersecurity team in Northboro, MA. Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry. To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business. ## We Offer the following Benefits Financial + High 401(k) company match + Help with Student Loan payback + Tuition Assistance and Rewards + Comprehensive Discount program including electric vehicles + Pet Insurance + Adoption Assistance Professional development + A highly skilled team to work and learn from + Multiple Avenues for On-Demand Training + Commitment to promoting from within + Several Employee Resource Groups including Women in Non-Traditional Roles Work Life Balance + Excellent Healthcare and Dental Insurance + HSA plan with company seed + Generous Paid Time Off and Parental Leave + Caregiver program + Employee Assistance Program ## Job Purpose The US CSIRT Senior Analyst will work in a 24/7/365 environment performing monitoring and response activities in the National Grid Global Cyber Security Operations Center for security detection and mitigation activities. Duties include monitoring networks, hosts and endpoints for malicious activity using Security Incident and Event Management (SIEM) tools, Endpoint Detection and Response (EDR) tools, Antivirus and Malware detection tools and email security appliances. Responsibilities cover investigation and incident response, the development of new security monitoring use cases, and ensuring all investigative activity is properly documented in our ticketing systems and followed up with relevant support teams. This role will also take joint responsibility for developing, improving, and maintaining CSIRT documentation and processes. The US CSIRT Senior Analyst position is a fixed shift position during core business hours with an occasional on-call requirement.To act as the global technical security engineering and design authority accountable for aligned portfolios within cyber security operations. To help detect and defend against cyber criminals and advanced threat groups by discovering and analyzing cyber threat information to produce actionable intelligence that enhances situational awareness of threats. ## Key Accountabilities + Responsible for working in a 24x7 Security Operation Center (SOC) environment. + Mentoring and development of less experienced analysts. + Provide analysis and trending of security log data from various security devices. + Provide Incident Response support when initial analysis confirms actionable incident. + Investigate, document, and report on information security issues and emerging trends. + Coordinate with other security teams on incidents, impacting National Grid as well as industry impacting issues. + Integrate and share information with other analysts and other teams. ## Key Interfaces + Security Operations Centre Analysts + Global Security Operations Manager + Incident Management Team (UK & US) + Threat Intelligence Team + Pen Testing Team + Security Engineering Function + IS partners and Service providers (Service Delivery & Major Incident Management) + OT Technical support ## Knowledge & Experience Preferred + Relevant work experience in Cyber Security Operations, specifically monitoring, detection and incident response duties. Minimum 3 years experience required. + Experience with monitoring and operating SIEM, EDR and IDS/IPS solutions alongside other critical monitoring toolsets. + Demonstrated ability to coordinate and respond to security incidents using commercial and/or open source technologies. + Experience with Incident Response methodology in investigations, and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs). + Comprehension of how attacks exploit operating systems and protocols. ## Qualifications Technical qualifications should include but are not limited to: + Relevant experience in a Security Operations environment is required. + Solid understanding of networking protocols and infrastructure designs; including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols + Hands-on experience with security technologies, including: - Intrusion Detection & Prevention (IDP) – Sourcefire or Palo Alto desirable. - Security Information & Event Management (SIEM) – Splunk desirable. - Endpoint Detection & Response (EDR) – Tanium and FireEye HX desirable. - Network Analysis tools - Wireshark, tcpdump - Experience with scripting in Python, Bash, Powershell desired. + Experience with the following SecOps processes highly desirable: - Email Investigations – Including Header Analysis, Office Doc Investigations and Macro Extraction - Basic Malware Analysis – Dynamic analysis - Event Log analysis + Strong understanding of Windows and Linux Operating Systems + Strong understanding of TCP/IP and underlying network protocols ## Core Business Skills + Excellent stakeholder management and influencing skills covering colleagues, partners / vendors and project sponsors. + Experience supporting the operationalization of security tools and infrastructure. + Experience of managing and responding to information security, or cyber security, incidents in a large enterprise environment. + Strong background of information security incident management and response; + Experience interacting as an information security incident responder with internal business functions, + Experience interacting as an information security incident responder with other external agencies such as DHS or National Computer Emergency Response Teams. + Utilities experience desirable. ## More Information This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience. National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.