CSIRT Principal Analyst

Location:

Warwick, GB, CV34 6DA

Division: Operations CSIRT

Job Type:

Requisition Number: 53146

Department:

Job Function: Information Technology

About us

National Grid touches the lives of almost everyone, with an energy network that stretches across the Atlantic. We’re an international team, and our work underpins the lives of millions of people. Feet forwards, head up, and eyes bright, we’re working hard to create value for people today – and shape the future of energy tomorrow.

In the UK, we don’t generate or sell energy – we join the dots to get energy from A to B. From making a cup of tea in the morning, to keeping the lights on in hospitals, our electricity network puts power in the hands of people. Without it, the world as we know it would grind to a halt.

The world of energy is changing beyond recognition. Working at National Grid, you won’t just be touching the lives of almost everyone in the UK – you’ll be shaping the way we use and consume energy for generations to come.

Job Purpose

The CSIRT Principal Analyst will provide deep technical expertise which will provide the CSIRT with thought leadership on the implementation of innovative technical solutions. Alongside providing leadership on complex incident response activities and mentoring the broader team to improve the technical skillsets across the team.

In this advanced first-hand role, the post holder will proactively look to improve the overall CSIRT capability and analyst workflow. This will incorporate working with the required key stakeholders to extract the complete capability from all CSIRT toolsets and streamline the analyst workflow to drive efficiencies into the CSIRT ways of working.

Key Accountabilities

Provide thought leadership to extract as much value as possible from our existing capability and drive efficiencies into the CSIRT ways of working.
Effectively engage with required key stakeholders to ensure the platforms that the CSIRT relies on are fit for purpose, robust and continuously improved to utilize the complete capability associated.
Leverage advanced skillset to provide technical leadership during complex incident response activities.
Work with project teams to seamlessly onboard new capability to the CSIRT. Ensure you have identified and agreed requirements prior to handover.

What You'll Need

Extensive work experience in the Cyber Security industry, specifically monitoring, detection and incident response activities.
Strong experience baselining, of trending and improving CSIRT capabilities.
Strong experience of creating, tuning, and managing content across all common security toolsets.
Strong experience with operating security monitoring platforms (SIEM).
Strong experience of collaborating with key stakeholders to deliver both new and further improve existing capability within a CSIRT.
Demonstrated ability to lead the response to security incidents using commercial and/or open-source technologies.
Strong experience with Incident Response methodologies.
Strong experience mentoring other analysts.
Strong knowledge on the groups conducting targeted attacks on the energy sector and the associated tactics, techniques, and procedures (TTPs).
Strong understanding of networking protocols and infrastructure designs; including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network devices.
Advanced first-hand experience with security technologies, including:
- Endpoint Detection & Response tools (EDR)
- Intrusion Detection & Prevention Systems (IDS/IPS)
- Security Information & Event Management (SIEM)
- Network Analysis tools - Wireshark, “tcpdump”
- Advanced Malware Analysis
Exceptional understanding of Windows and Linux Operating Systems
Exceptional understanding of TCP/IP and underlying network protocols
Strong experience with scripting in a scripting language such as Python, Bash, Powershell,
Solid experience in forensic analysis and the associated principles.
Ability to summarize events/incidents effectively to different constituencies such as legal counsel, executive management, and technical staff, in both written and verbal form.
At least two of the following certifications or equivalent experience: - GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Incident Handler (GCIH), GIAC Network Forensic Analyst (GNFA), GIAC Response and Industrial Defense (GRID), GIAC Certified Intrusion Analyst (GCIA), GIAC Penetration Tester (GPEN) or equivalent.

What You'll Get

A competitive salary between £50,000 – £72,000– dependent on capability

As well as your base salary, you will receive a bonus of up to 15% of your salary for stretch performance and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. You will also have access to a number of flexible benefits such as a share incentive plan, salary sacrifice car and technology schemes, support via employee assistance lines and matched charity giving to name a few.

Security Clearance will be required for this role

#LI-AZ1

#LI-HYBRID

Provider	Description	Enabled
YouTube	YouTube is a video-sharing service where users can create their own profile, upload videos, watch, like and comment on videos. Opting out of YouTube cookies will disable your ability to watch or interact with YouTube videos. Cookie Policy Privacy Policy Terms and Conditions
Vimeo	Vimeo is a video hosting, sharing and services platform focused on the delivery of video. Opting out of Vimeo cookies will disable your ability to watch or interact with Vimeo videos. Cookie Policy Privacy Policy Terms and Conditions