
Senior Specialist in Detection and Response


Vestal, NY, US; Rochester, NY, US



About AVANGRID: AVANGRID, Inc. (NYSE: AGR) aspires to be the leading sustainable energy company in the United States. Headquartered in Orange, CT with approximately $40 billion in assets and operations in 24 U.S. states, AVANGRID has two primary lines of business: Avangrid Networks and Avangrid Renewables. Avangrid Networks owns eight electric and natural gas utilities, serving more than 3.3 million customers in New York and New England. Avangrid Renewables owns and operates a portfolio of renewable energy generation facilities across the United States. AVANGRID employs approximately 7,000 people and has been recognized by Forbes and Just Capital as one of the 2021 JUST 100 companies - a list of America's best corporate citizens - and was ranked number one within the utility sector for its commitment to the environment and the communities it serves. The company supports the U.N.’s Sustainable Development Goals and was named among the World’s Most Ethical Companies in 2021 for the third consecutive year by the Ethisphere Institute. For more information, visit




Work Location: Rochester, NY; Vestal, NY; Augusta, ME; Orange, CT
Reports To: Senior Manager – Cyber Detection and Response

Salary Grade: G

Scope of Work

A candidate for this role should demonstrate proficiency in log analysis, discovery tools, forensics, and monitoring and detection tools. Furthermore, they should be able to take initiative on projects, proactively identify process deficiencies and make recommendations to resolve them, and work effectively both autonomously and within a team.
•    Monitor incoming event queues for potential security incidents; identify and act on anomalous network activity
•    Perform thorough analysis of APT/nation-state attacks and anomalous network behavior
•    Perform proactive threat hunting activities, including on-site visits
•    Perform proficient forensic analysis using security tools and monitoring systems to discover the source of anomalous security events
•    Perform hunting for malicious activity across the network and digital assets
•    Perform detailed investigation and response activities to assist in identification, containment, eradication, and recovery actions for potential security incidents
•    Perform real-time packet capture for forensic analysis and incident response
•    Perform both active and passive asset discovery
•    Analyze complex malware through endpoint and network traffic forensics to determine if AVANGRID systems are impacted
•    Perform proactive and reactive behavioral analysis using monitoring tools for anomalous remote activity
•    Recommend implementation of countermeasures or mitigating controls
•    Ensure all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment
•    Develop and maintain a process for chain of custody on evidence
•    Use hashing tools and techniques to ensure the integrity of copied evidence
•    Receive threat feeds and correlate the current threat landscape with internal assets, systems and technologies
•    Collaborate with technical and threat intelligence analysts to provide indications and warnings, and contribute to predictive analysis of malicious activity
•    Lead Open-Source Intelligence initiatives and leverage associated tools and techniques (Google ‘hacking’, Shodan, OWASP, etc.)
•    Create and continuously improve Incident Response documentation
•    Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the IT organization as well as business units
•    Develop metrics for threat monitoring activities, threat hunts and incident response activities
•    Leverage case management tools for pre- and post-incident tracking
•    Able to work early or late hours and weekends in the pursuit of addressing and remediating incidents
•    Must comply with any regulatory requirements


•    Be Agile
•    Focus to Achieve Results
•    Be a Role Model
•    Collaborate & Share
•    Empower to Grow
•    Develop Self & Others

Education & Experience Required

•    10+ years of relevant work experience in security information technology or incident response
•    Associate’s Degree in Computer Science or related program with 6+ years relevant work experience in security information technology or incident response
•    Bachelor’s Degree in Computer Science or related program with 2+ years relevant work experience in security information technology or incident response
•    Master’s Degree in Computer Science or related program, relevant work experience in security information technology or incident response preferred, but not required
•    Prior experience in Networking, Threat Hunting, Network Monitoring, Forensics, Penetration Testing or Incident Response or other related Cybersecurity field

Preferred Education and Experience:

•    Familiarity with NIST documentation and standards
•    SANS certification such as GREM, GCFA, GREM, GNFA, ENCE, GICSP or related
•    Certification(s) in incident response, forensics, or related coursework
•    Experience with scripting languages such as Python, Perl, PowerShell
•    Experience in network security monitoring, network packet analysis, host, and server forensics

Skills / Abilities

•    Experience in well-known and/or open-source network and host forensic tools
•    Skills and experience in discovery tools such as NMAP and netstat
•    Skills and experience in packet capture tools such as Wireshark and TCPdump
•    Able to manage self and others under stress
•    Strong networking knowledge – TCP/IP protocols, OSI model, Firewalls, and other networking devices
•    Strong case management and forensic procedural skills
•    Strong customer service skills and decision-making skills
•    Good analytical skills – ability to analyze and think out of the box when working a security event
•    Self-motivated, methodical and detail-oriented
•    Familiarity with regulatory requirements such as NERC/CIP, SOX, etc. (preferred)
•    Utility Industry experience (preferred)

Mobility Information

Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country.

Avangrid employees may be assigned a system emergency role and, in the event of a system emergency, may be required to work outside of their regular schedule/job duties. This is applicable to employees that will work in Connecticut, Maine, Massachusetts, and New York within AVANGRID Networks and Corporate functions. This does not include those that will work for Avangrid Renewables.

AVANGRID’s employment practices and policies are geared to hiring a diverse workforce and sustaining an inclusive culture. At AVANGRID we provide fair and equal employment and advancement opportunities for all employees and candidates regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status, disability, protected veteran status or any other status protected by federal, state, or local law. Learn more about equal employment by following this link

If you are an individual with a disability or a disabled veteran who is unable to use our online tool to search for or to apply for jobs, you may request a reasonable accommodation by contacting our Human Resources department at 203-499-2777 or
