The American Society of Mechanical Engineers (ASME)


Penetration Test and Advanced Adversary Partner

Northborough, MA
Description:

About the Position: The Penetration Test and Advanced Adversary team is part of the Cyber Security Operations department within Digital Risk and Security. It supports the Digital Risk and Security team's global operations by identifying vulnerabilities via standard penetration testing assessments and by identifying threats posing a genuine risk to National Grid via red / purple / advanced adversary team tests that replicate behaviors of threat actors, assessed by Government and commercial intelligence providers. This information will enable National Grid to proactively adjust its defensive posture.

This role will assist the UK lead to define and implement/operate a fully functional team including processes, procedures and a globalised operating framework. Once in place, the team will carry out penetration testing across a number of environments including web app, infrastructure and mobile platforms, in addition to performing red team / advanced adversary exercises based on Cyber Threat Intelligence and internal intelligence generated from tooling, security incidents and threat hunting. This role will also have links with the Operational Testing facilities.

The US lead must be an expert penetration tester capable of performing security assessments while maintaining a business focus. The successful candidate must be an expert in network security and penetration testing.

Responsibilities:
  • Explain findings and recommendations to technical and non-technical audiences
  • Mentor junior testers
  • Maintain high technical competency on all engagements, providing noticeable quality and technical expertise
  • Provide oversight of projects delegated to team members to ensure consistent delivery and client satisfaction
  • Create supporting tools, templates or processes to support the team
  • Assist with developing a framework for internal Red Team and pen testing engagement across the business
  • Assist with developing and refining procedures to conduct Red Team and penetration testing operations effectively
  • Assist with developing Red Team / advanced adversary scenarios consistent with real attacks
  • Work with other parts of the business to develop a method for testing detective capability through Red Team exercises (e.g. purple teaming)
  • Input into production of the yearly test schedules, which will determine what we will be testing based on known weaknesses and cyber intelligence data
  • Monitor the team's workflow
  • Outsource testing if skills are not yet in house
  • Manage third party vendor contracts
  • Ensure all compliance and regulatory testing for the US is conducted and evidence maintained for audits
  • Deal with issues such as quality control, escalations, etc.
  • Ensure defects are managed in line with processes; establish reporting and KPIs and ensure they are met
  • Deal with all commercial and legal requirements such as contracts, insurance, authority to test, disclosure, research, etc.
  • Reviews and development

Job Dimensions:
  • 3-5 direct reports
  • Willing to work out of hours or flexi time if required
  • Ability to travel to different US sites and potentially the UK
  • Direct engagement with 3rd party suppliers/vendors in ensuring they fulfill their contractual requirements, including highlighting gaps and influencing IS and business stakeholders to ensure these gaps are addressed

Main Interfaces:
  • Senior management from Cyber Security Operations teams
  • Digital Risk and Security teams
  • Senior management from IS, including Service and Business owners
  • Program staff (Project Managers, Business Analysts, and Solution Architects)
  • Internal compliance and assurance teams
  • Internal legal team
  • Internal Security Architecture team
  • External auditors
  • External regulatory and compliance bodies
  • Third party suppliers/vendors

Knowledge, Experience & Technical Know How:
  • 5 years technical testing experience in your area of expertise
  • Experience in project scoping and estimating
  • Full understanding of the penetration testing and cyber security testing life cycle and its pain points. Experience of implementing the life cycle.
  • In-depth knowledge of the commercial, contractual and legal aspects of penetration / cyber testing
  • Demonstrated ability to review reports, plan projects, manage testers, and understand project prerequisite requirements prior to kickoff
  • Knowledge in the following:
      • Internal / External / Wireless Hardware / Device Testing
      • Network security concepts and best practices
      • Interpreted languages (Ruby, Python, PHP, etc.)
      • Compiled languages (Java, C, C++, Assembly, etc.)
      • Web-based application security concepts and penetration testing
      • Network security concepts
      • Social engineering techniques and tactics
      • Windows/Linux/UNIX/OSX internals
      • Red teaming
  • Experience of using Open Source and COTS for penetration testing, which could include Nmap, Nessus, Metasploit, Kali Linux, Burp Suite Pro and similar
  • Collaborative and team-oriented attitude
  • Ability to prioritize and complete multiple tasks with little to no supervision
  • In-depth knowledge of security operations
  • A strong understanding of Information/Cyber Security
  • A strong understanding of cyber threat intelligence attack models such as the Cyber Kill Chain or the MITRE ATT&CK model and how these can be applied for testing security systems and personnel
  • A good understanding of compliance standards such as PCI DSS, ISO 27001, NERC CIP and GDPR
  • Strong communication (Written and Verbal), leadership and partnering skills
  • Able to demonstrate a high degree of credibility and influence senior stakeholders within the Organisation
  • Able to operate as a highly independent worker and as part of a strong team/collaborative approach
  • Experience of managing and mentoring a small team

Qualifications Required: Formal certification in one of the following:
  • Information Security Qualifications such as CISA, CISSP or an MSc Information Security preferred
  • Degree
  • Security Qualifications such as CEH or CHFI, GCIH, GWAPT, GPEN, CREST

National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.

Job: IS Digital Security & Risk
Primary Location: MA-Northborough
Organisation: Information Services
Schedule: Full-time
Job Posting: Mar 2, 2018, 7:19:38 PM
Unposting Date: Ongoing

