Cyber Security Incident Analyst
JOB ID 20161949 | DATE POSTED 09/06/2016
ABOUT THE POSITION:
The cyber security incident analyst supports the lead incident manager in responding to cyber security incidents. This includes, but is not limited to, remediation of vulnerabilities and incidents on desktop and server operating systems, mobile devices, embedded systems and network devices. Candidates should have a strong understanding of security operations concepts, incident and vulnerability management, network, host and application security, intrusion detection and other security event analysis, forensics, system operations, cyber intelligence and incident remediation within a complex global organization.
POSITION RESPONSIBILITIES (INCLUDING BUT NOT LIMITED TO):
* Analyze and determine the scope of the compromise
* Research targeted attacks
* Develop, document and execute containment strategies
* Document and brief the business on remediation options and execute the plan with IS Partners
* Produce final report and recommendation
* Coordinate efforts of, and provide timely updates to, multiple business units during response
* Perform in-depth analysis in support of incident response operations
* Develop requirements for technical capabilities for cyber incident management
* Investigate major breaches of security and recommend appropriate control improvements
* Work with infrastructure and application support teams to drive closure of follow up actions identified through incident and problem management
* Produce major incident and problem reports for all major incidents and problem investigations as well as internal notification to senior management
* Ensure response to major incidents including escalation, follow through, dissemination of workarounds, or resolution advice and closure
* Assist in Continuous Service Improvement efforts by identifying opportunities for process improvement, and drive some process improvement efforts
* Additional responsibilities will include reporting, documenting team procedures and workflows, documentation review and improvements, attending meetings as required and working on projects to drive efficiencies
* Work with global teams and Line of Business contacts for issue escalations and resolution
* Plan, coordinate and execute cyber security exercises and their follow-up actions and lessons learned
* Business Continuity Planning
* The role will require 24/7 support during Critical or High incidents
KNOWLEDGE & EXPERIENCE REQUIRED:
* Experience working within a security operations environment with emphasis on cyber security incident management, network, host and application security, intrusion detection and other security event analysis, vulnerability management, forensics, system operations and cyber intelligence is a plus.
* Working knowledge of cyber and other security policies and capabilities to prevent, detect, monitor and mitigate cyber attacks
* Advanced knowledge of security incident response tools and ArcSight SIEM; working knowledge of Windows and UNIX/Linux operating systems and networking devices
* Knowledge of NERC CIP and SCADA/ICS environments
* Strong analytical, deductive reasoning, critical thinking, problem solving and prioritization skills
* Comfortable working outside their comfort zone with a willingness to learn
* Strong Team Player with ability to take charge of their area of expertise
* Understanding of organizational risk as it applies to cyber security
* Demonstrated knowledge and understanding of security technologies
* Solid understanding of business organization and processes
* Ability to present complex solutions and methods to a general audience and to senior management
* Excellent written and verbal communication and organizational skills
* Excellent interpersonal skills to work with diverse personnel and stakeholders regionally and globally
* Ability to work with a sense of urgency and pay attention to detail
* Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources
* Must be reliable and adaptable
* Ability to develop and follow operational processes and workflows, with experience in incident handling and response
* Ability to analyze complex problems in a methodical manner and work through to resolution.
* Degree in information security preferred or equivalent experience
* One or more of the following certifications are preferred: CISSP, GIAC certifications (GCIA, GCIH)
This position is one of National Grid's career path roles, which provide for promotional opportunities within and across salary bands as you develop and evolve in the position by gaining experience and expertise and acquiring and applying technical skills.
NATIONAL GRID IS AN EQUAL OPPORTUNITY EMPLOYER THAT VALUES A BROAD DIVERSITY OF TALENT, KNOWLEDGE, EXPERIENCE AND EXPERTISE. WE FOSTER A CULTURE OF INCLUSION THAT DRIVES EMPLOYEE ENGAGEMENT TO DELIVER SUPERIOR PERFORMANCE TO THE COMMUNITIES WE SERVE. NATIONAL GRID IS PROUD TO BE AN AFFIRMATIVE ACTION EMPLOYER. WE ENCOURAGE MINORITIES, WOMEN, INDIVIDUALS WITH DISABILITIES AND PROTECTED VETERANS TO JOIN THE NATIONAL GRID TEAM.
IS Digital Security & Risk
MA-Waltham, NY-Brooklyn, NY-Syracuse
Sep 6, 2016, 11:35:19 AM