Penetration Test and Red Team Analyst

Description
About the Position:
The Penetration Test and Red Team is part of the Cyber Security Operations department within Digital Risk and Security, and supports the Digital Risk and Security team?s global operations by identifying vulnerabilities via standard penetration testing assessments and identifying threats posing a genuine risk to National Grid via red team / purple team tests that replicate behaviours of threat actors, assessed by Government and commercial intelligence providers. This information will enable National Grid to proactively adjust its defensive posture.
We are seeking an individual to be part of the team, to help as it grows with maturity. The team will carry out penetration testing across a number of environments including web app, infrastructure and mobile platforms. In addition, you will performing red team exercises based on Cyber Threat Intelligence.
The role offers some exciting opportunities including the potential to work with the operational technology research lab, and investigating in more detail vulnerabilities and techniques that could impact critical national infrastructure. There is also the potential for training and conference attendance.
Knowledge, Experience & Technical Know How (including but not limited to):
Essential
Ideally we would like 3 years of hands on Penetration Testing of web applications and infrastructure experience
Experience of using Open Source and COTS for penetration testing which could include Nmap, Nessus, Metasploit, Kali Linux, Burp Suite Pro and similar
OSINT and social engineering engagement experience
Red Team experience
Experience in common scripting languages such as Python, Ruby, LUA, Powershell or BASH
Experience in at least one development language e.g. Java, C, C# or similar
A good understanding of the OSI stack and the various protocols from layer 1 ? 7 including SNMP, HTTP, VPN, 802.11.
Good appreciation of other security roles such as intelligence, vulnerability and patch management, Risk, auditing, Awareness and Security Architecture
A good understanding of Cloud based architectures including Azure, AWS and OpenStack
Excellent communication skills with the ability to communicate at a technical and business user level
Ability to incorporate testing results into a report.
Desirable
Able to work in both waterfall and agile software delivery projects
Good understanding of Industrial control systems including SCADA
Good understanding of the Energy industry
Computer Science, Mathematics, Engineering or Security related degree (or higher)
OSCE
CBEST framework experience
Qualifications
Qualifications Required: Formal certification in one of the following:
CHECK Team Member
CREST CERTIFIED Tester
Cyber Scheme Team Member
Tiger Scheme Team Member
We might consider those with SANS GPEN and GWAPT
College Degree in Computer Science or similar study
Job Dimensions
Willing to work out of hours or flexi time if there is a requirement
Ability to travel to different sites and potentially the UK.
.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise.We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve.National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.
Job
:IS DIgital Security & Risk
Primary Location
:MA-Waltham
Organisation
:IS Digital Security & Risk
Schedule
:Full-time
Job Posting
:Jun 12, 2018, 1:34:35 PM
Unposting Date
:Ongoing