Cyber Threat Intelligence Analyst

Our Company

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and Provincial authorities in Canada. NERC's jurisdiction includes users, owners, and operators of the bulk power system, which serves nearly 400 million people.

Our Mission

The vision for the ERO Enterprise, which is comprised of NERC and the six Regional Entities, is a highly reliable and secure North American bulk power system. Our mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. The mission of the E-ISAC is to reduce cyber and physical security risk to the North American electricity industry by providing unique insights, leadership, and collaboration.

Your Impact

The Cyber Threat Intelligence (CTI) Analyst is a member of the CTI Team inside the E-ISAC Intelligence Group. The CTI Analyst is a member of a multidisciplinary team that works with the private and public sector to defend critical energy infrastructure and “keep the lights on” throughout North America. The successful analyst will be a strong cross-functional collaborator within the E-ISAC and with members and partners, and will track team planning, collection, processing, analysis, and will receive feedback to constantly improve products. The analyst will leverage all sources of intelligence and data, and enrich it with electricity or industrial control system (ICS) context, and conduct threat hunting and modeling to develop original analysis for members, partners, and E-ISAC decision makers. The position reports to the Manager, Cyber Threat Intelligence inside the E-ISAC Intelligence Group.

Your Responsibilities and Qualifications

Responsibilities

• Provide cyber security IT and/or OT/ICS technical analysis and to electric and natural gas industry members and government officials.
• Demonstrate familiarity with industrial control system infrastructure, processes, procedures, and architecture.
• Author reports and generate complete, actionable, relevant, and timely threat intelligence from OSINT, government, and vendor-supplied information and data sources.
• Participate in analysis and investigative engagements to identify anomalous or suspicious threat actor behavior in various data sets including open-source information.
• Prepare written or verbal briefings on the results and outcomes of the analysis engagement tailored to the relevant audience. Convey both verbally and in writing the importance of findings for a variety of audiences; prepare and deliver briefings and reports to members, fellow analysts, and E-ISAC leadership.
• Provide possible initial impact and confidence assessments of analyzed cyber incidents and reports.
• Collaborate with subject matter experts, electric industry experts, and E-ISAC members to identify opportunities to improve the cyber security of North American electric Grid Leverage current and emerging tools and best-practices for tracking cyber threat actors’, tactics, techniques, procedures (TTPs) and behaviors of adversaries, adversary motivations, and industry attack trends.
• Coordinate closely with the Cybersecurity Risk Information Sharing Program (CRISP), physical security, watch operations, and performance management teams.
• All other duties as assigned.

Qualifications

• A Bachelor’s Degree in a related technical field and related technical experience.
• Strong generalized security technical background, critical thinking and troubleshooting proficiencies.
• A capacity to thrive in a dynamic environment where priorities can change frequently and rapidly.
• Strong communications and interpersonal skills to build/maintain ongoing business relationships with E-ISAC members, fellow teammates, vendors, and clients at all levels of the organization.
• Good written and verbal communication, analysis and presentation skills, with proven ability to align teams and stakeholders to a common goal.
• Possess or ability to obtain one or more of the following certifications (or equivalent):
• GIAC Security Essentials Certification (GSEC)
• GIAC Certified Incident Handler (GCIH)
• GIAC Cyber Threat Intelligence (GCTI)
• GIAC Response and Industrial Defense (GRID)
• Consistently analyze cyber security events and incidents to produce complete, accurate, relevant, and timely information to stakeholders to address cyber security risk and the evolving cyber security threat landscape.
• Strong critical thinking and problem solving skills.
• Familiarity with corporate security operations environments, incident response, network security monitoring.
• Experience with open source intelligence collection and research.
• Understanding of cyber security compromise detection and potential business operations impacts.
• Understanding of cyberattack tactics and procedures, including the kill chain, diamond model of threat analysis, MITRE ATT&CK models, or other relevant frameworks.

Other

• Background check will be conducted prior to employment.
• In compliance with federal law, all persons hired are required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
• The position is classified as a virtual employee. The CTI Analyst may request to work remotely on a full time basis in accordance with company policies, but must be able to travel to NERC and E-ISAC offices, and member organizations as required. Reimbursement of travel expenses will be in accordance with the company’s travel and expense reimbursement policies.
• Travel (15-20%) necessary: passport required for travel, primarily throughout North America.

Our Culture Declarations

• Everyone at NERC is a leader.
• We are accountable personally and organizationally to deliver on commitments.
• We develop ourselves and people in the organization to ensure that NERC realizes its strategic objectives.
• We are resilient and adaptable to the challenges and needs of the business/people.
• We exude a growth mindset and empower teams to take risks.
• Build collaborative relationships within NERC, the ERO, and the stakeholders of NERC.
• We exemplify NERC cultural behaviors:
• Reward, high-quality, creative, and innovative work;
• Attract, engage, and retain top talent;
• Value & respect diverse perspectives;
• Provide a safe, inclusive, and collaborative work environment; and
• Form strong relationships within the company, and with the ERO Enterprise.
• We demonstrate curiosity in a wide variety of areas and are open to exploring new situations, knowledge and opportunities for growth and development.
• We demonstrate an anticipatory mindset; preventing problems, and building contingencies where appropriate.
• We are champions for diversity and inclusion. Seeks out and values diverse perspectives.