UK CSIRT Analyst - Hybrid

About The Role

At National Grid, we keep people connected and society moving. But it’s so much more than that. National Grid supplies us with the environment to make it happen. As we generate momentum in the energy transition for all, we don’t plan on leaving any of our customers in the dark. So, join us as a UK CSIRT Analyst, and find your superpower.

As part of the National Grid Cyber Security Incident Response Team (CSIRT), you will be employed within a global team as a Tier 1 CISRT analyst within its Cyber Security Operations Centre (CSOC). We respond as one global team, US & UK, comprising of analysts, senior analysts, principal analysts, & managers. This affords you a team you can query, learn, and rely upon. The UK CSIRT Shift Analyst will deliver the actions and activities as required and detailed in Cyber Incident Response plans. Using technical expertise and co-ordination capabilities, they will work at times independently to respond to incidents and issues.

This role is based in Warwick and will be a shift role, of which the shifts range from 6 am – 9 pm, with compensated shift allowance, and home work available.
 

Key Accountabilities

•    As CSIRT Analyst you will monitor, respond to, and investigate cyber security incidents, ensuring that the full end to end investigation of events are fully triaged.
•    Respond to security events within the estate, including:
o    Microsoft Azure Cloud
o    Splunk SIEM
o    Enterprise and OT Intrusion Detection/Prevention Systems (IDS/IPS)
o    Phishing Emails
o    Tanium Endpoint Detection & Response (EDR)
o    In-house curated alerts aligning to our security tooling and technology within Enterprise, OT and CNI.
o    Event log analysis.
o    Packet capture analysis.

We respond as one global team, US & UK, comprising of Vulnerability Management, Digital Forensics, SOAR team, Operational Threat & Analytics, and Incident Management.

Additionally, we respond using automated workflows built within the Phantom case management system, and Global Incident and Response procedures.
 

About You

We are open minded when it comes to hiring. If you are intellectually curious, a critical thinker, enjoy solving problems and possess the aptitude and attitude to learn, we would like to hear from you! 

Desirable experience would include:

• Ability to investigate a person's behaviour and illustrate anomalous behaviour observed.
• Experience in packet capture analysis, EDR, IDS/IPS, SIEM and AV.
• Knowledge of Windows/Linux/Mac Host internals.
• Knowledge of Cloud, Azure, KQL, Scripting, Microsoft Defender.
• Knowledge of network protocols and windows enterprise domains.
• Knowledge of MITRE ATT&CK tactics and techniques.
• Knowledge of Splunk.
• Knowledge of OT and CNI working environments.
• Knowledge of Kubernetes or associated Cloud Native Computing.
• You will need to qualify for Security clearance.

Qualifications

• At least one of the following certifications or equivalent experience: - GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Incident Handler (GCIH), GIAC Network Forensic Analyst (GNFA), GIAC Response and Industrial Defence (GRID), GIAC Certified Intrusion Analyst (GCIA), GIAC Penetration Tester (GPEN) or equivalent’
• Related IT/Cyber certification from ISC2, CompTIA, or other bodies
   

What You'll Get

A competitive salary between £46,000 – £58,000 – dependent on capability

As well as your base salary, you will receive a bonus based on personal and company performance and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. You will also have access to a number of flexible benefits such as a share incentive plan, salary sacrifice car and technology schemes, support via employee assistance lines and matched charity giving to name a few.

#LI-RL1
#LI-HYBRID