IT Security, Cyber Defense Analyst

Check out this video and find out why our team loves to work here!

Work in the Eversource Security Operations Center (SOC) which is responsible for managing and protecting computer assets, networks and information systems. This position will act as the primary lead for proper handling of Information Security incidents and provide remediation actions as required. This position also monitors and audits information systems to confirm information security policy compliance and provides management with security policy compliance assessments and system monitoring reports. To accomplish these tasks must have an extensive understanding of digital investigations, and underlying principles of networking, infrastructure and system integration. In addition, provides technical expertise to key Security tools and software.  This includes requirements in the planning, coordination, programming, and implementation of releases, upgrades or changes to security system software and hardware.

Essential Functions: 

• Performs Incident Response functions for the SOC team to ensure incidents are handled appropriately to minimize risk and impact to the company.
• Analyzes and processes case work relating to computer security vulnerabilities, phishing, malware, and forensic investigations
• Ability to anticipate and respond to changing priorities, and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness
• Leads security incidents to ensure timely mitigation and remediation efforts are completed
• Preserves, harvests, and processes electronic data according to company policies and regulatory requirements. Participates in forensic investigations as required, to include the collection, preservation of electronic evidence, analysis, and creation of a final report
• Produces high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to Sr. Management
• Must be familiar with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy
• Recommends effective process changes to enhance defense and response procedures.
• Evaluates, tests and selects security tools, evaluation products and control products.
• Assists with annual SOX, CIP and SOC assessment and related remediation efforts.

Technical Knowledge/Skill/Education/Licenses/Certifications:

Technical Knowledge/Skill: 

• Strong working knowledge of information systems security standards and practices 
• Ability to write scripts in at least one language (Python & PowerShell Preferred) 
• Knowledge of the common attack vectors on the various OSI layers 
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution). 
• Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non- nation state sponsored], and third generation [nation state sponsored]). 
• Knowledge of basic system administration, network, and operating system hardening techniques. 
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. 
• Knowledge of Windows/Unix ports and services. 
• Knowledge of general kill chain (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). 
• Knowledge of systems security testing and evaluation methods. 
• Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). 
• Knowledge of operating system command line/prompt. 
• Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.

Education:       

• Bachelor’s degree in Information Systems, related technical degree or equivalent experience                    

Experience: 

• Minimum of two (2) to five (5) years of experience in the field of information security     

Experience with one or more of the following:

• Threat Intelligence
• SIEM Platforms ·
• Endpoint Detection & Response technologies
• Active Directory ·
• Ethical Hacking & Penetration Testing Methodologies  
• Windows/ Linux Forensics                     

Licenses & Certifications:  

• SANS Incident response training or security certification preferred

Working Conditions:

• Must be available to work emergency restoration assignment as required.
• Must be available to travel between MA/CT/NH as necessary.
• On-call and need to work off hours

Worker Type:

Regular

Number of Openings:

1

EEO Statement

Eversource Energy is an Equal Opportunity and Affirmative Action Employer.  All qualified applicants will receive consideration for employment without regard to age, race, color, sex, sexual orientation, gender identity, national origin, religion, disability status, or protected veteran status.

VEVRRA Federal Contractor

Vaccination Information:

Eversource requires all new employees to be fully vaccinated for COVID-19 by their first day of employment. If you have any concerns regarding compliance with this requirement, you will need to discuss your concerns with Eversource’s HR department after you have been made a conditional offer of employment. Eversource does not require applicants to discuss vaccination status prior to receipt of a conditional offer of employment and complies with all applicable laws.

Emergency Response:

Responding to emergency situations to meet customers’ needs is part of every employee’s role. If employed, you will be given an Emergency Restoration assignment.  This means you may be called to assist during an emergency outside of your normal responsibilities, work hours and location.