Senior Specialist in Detection and Response
Vestal, NY, US; Rochester, NY, US
Work Location: Rochester, NY; Vestal, NY; Augusta, ME; Orange, CT
Reports To: Senior Manager – Cyber Detection and Response
Salary Grade: G
Scope of Work
A candidate for this role should demonstrate proficiency in log analysis, discovery tools, forensics and monitoring and detection tools. Furthermore, they should be able to take initiative on projects, proactively identify process deficiencies and make recommendations to resolve them and work effectively both autonomously and within a team.
Responsibilities
• Monitor incoming event queues for potential security incidents; identify and act on anomalous network activity
• Perform thorough analysis of APT/nation-state attacks and anomalous network behavior
• Perform proactive threat hunting activities, including on-site visits
• Perform proficient forensic analysis using security tools and monitoring systems to discover the source of anomalous security events
• Perform hunting for malicious activity across the network and digital assets
• Perform detailed investigation and response activities to assist in identification, containment, eradication, and recovery actions for potential security incidents
• Perform real-time packet capture for forensic analysis and incident response
• Perform both active and passive asset discovery
• Analyze complex malware through endpoint and network traffic forensics to determine if AVANGRID systems are impacted
• Perform proactive and reactive behavioral analysis using monitoring tools for anomalous remote activity
• Recommend implementation of countermeasures or mitigating controls
• Ensure all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment
• Develop and maintain a process for chain of custody on evidence
• Use hashing tools and techniques to ensure the integrity of copied evidence
• Receive threat feeds and correlate the current threat landscape with internal assets, systems and technologies
• Collaborate with technical and threat intelligence analysts to provide indications and warnings, and contribute to predictive analysis of malicious activity
• Lead Open-Source Intelligence initiatives and leverage associated tools and techniques (Google ‘hacking’, Shodan, OWASP, etc.)
• Create and continuously improve Incident Response documentation
• Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the IT organization as well as business units
• Develop metrics for threat monitoring activities, threat hunts and incident response activities
• Leverage case management tools for pre- and post-incident tracking
• Able to work early or late hours and weekends in the pursuit of addressing and remediating incidents
• Must comply with any regulatory requirements
Competencies
• Be Agile
• Focus to Achieve Results
• Be a Role Model
• Collaborate & Share
• Empower to Grow
• Develop Self & Others
Education & Experience Required
• 10+ years of relevant work experience in security information technology or incident response
---------or---------
• Associate’s Degree in Computer Science or related program with 6+ years relevant work experience in security information technology or incident response
---------or---------
• Bachelor’s Degree in Computer Science or related program with 2+ years relevant work experience in security information technology or incident response
---------or---------
• Master’s Degree in Computer Science or related program, relevant work experience in security information technology or incident response preferred, but not required
• Prior experience in Networking, Threat Hunting, Network Monitoring, Forensics, Penetration Testing or Incident Response or other related Cybersecurity field
Preferred Education and Experience:
• Familiarity with NIST documentation and standards
• SANS certification such as GREM, GCFA, GNFA, EnCE, GICSP or related
• Certification(s) in incident response, forensics, or related coursework
• Experience with scripting languages such as Python, Perl, PowerShell
• Experience in network security monitoring, network packet analysis, host, and server forensics
Skills / Abilities
• Experience in well-known and/or open-source network and host forensic tools
• Skills and experience in discovery tools such as Nmap and netstat
• Skills and experience in packet capture tools such as Wireshark and tcpdump
• Able to manage self and others under stress
• Strong networking knowledge – TCP/IP protocols, OSI model, Firewalls, and other networking devices
• Strong case management and forensic procedural skills
• Strong customer service skills and decision-making skills
• Good analytical skills – ability to analyze and think outside the box when working a security event
• Self-motivated, methodical and detail-oriented
• Familiarity with regulatory requirements such as NERC/CIP, SOX, etc. (preferred)
• Utility Industry experience (preferred)
Mobility Information
Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country.
Avangrid employees may be assigned a system emergency role and, in the event of a system emergency, may be required to work outside of their regular schedule/job duties. This is applicable to employees that will work in Connecticut, Maine, Massachusetts, and New York within AVANGRID Network and Corporate functions. This does not include those that will work for Avangrid Renewables.