Cyber Defense Analyst; Hybrid

Eversource will not offer immigration‑related sponsorship for this position. Applicants who require immigration sponsorship—either now or in the future—should not apply. This includes, but is not limited to, direct company sponsorship, listing Eversource as the employer of record on immigration documents, or any work authorization that requires company involvement or documentation (e.g., H‑1B, OPT, STEM OPT, CPT, TN, J‑1, O‑1, etc.).

Eversource supports work‑life balance by offering hybrid schedules for certain roles. Eligibility is based on job responsibilities, operational needs, nature of work and team dynamics. Current guidelines require employees to work at least three days in the office, including Tuesdays and Wednesdays, with the third day set by the employee and supervisor based on department needs. These guidelines apply to roles approved for remote work and are subject to change, based on managerial discretion and work performance.

All applicants must be able to work up to five days in the office if needed (for example: emergencies, training, or other business needs) or should the policy change.

Work in the Eversource Security Operations Center (SOC) which is responsible for managing and protecting computer assets, networks and information systems. This position will act as the primary lead for proper handling of Information Security incidents and provide remediation actions as required. This position also monitors and audits information systems to confirm information security policy compliance and provides management with security policy compliance assessments and system monitoring reports.

To accomplish these tasks the candidate must have an extensive understanding of digital investigations, and underlying principles of networking, infrastructure and system integration. In addition, provides technical expertise to key Security tools and software. This includes requirements in the planning, coordination, programming, and implementation of releases, upgrades or changes to security system software and hardware.

• Performs Incident Response functions for the SOC team to ensure incidents are handled appropriately to minimize risk and impact to the company.
• Analyzes and processes case work relating to computer security vulnerabilities, phishing, malware, and forensic investigations.
• Ability to anticipate and respond to changing priorities, and operate effectively in a dynamic demand‑based environment, requiring extreme flexibility and responsiveness.
• Leads security incidents to ensure timely mitigation and remediation efforts are completed.
• Preserves, harvests, and processes electronic data according to company policies and regulatory requirements. Participates in forensic investigations as required, to include the collection, preservation of electronic evidence, analysis, and creation of a final report.
• Produces high quality oral and written work, presenting complex technical matters clearly and concisely with audiences ranging from peers to senior management.
• Must be familiar with current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
• Recommends effective process changes to enhance defense and response procedures.
• Evaluates, tests and selects security tools, evaluation products and control products.
• Assists with annual SOX, CIP and SOC assessment and related remediation efforts.

Strong working knowledge of information systems security standards and practices.

• Bachelor’s degree in Information Systems, related technical degree or equivalent experience.

• Minimum of three (3) to five (5) years of experience in the field of information security.
• Experience with one or more of the following:
  Security Monitoring; database security, policies and procedures, active directory, cryptography/PKI, application security assessments, risk assessments, security awareness or related information security subject area.

• SANS Incident response training or security certification preferred.

• Must be available to work emergency restoration…