JobsEQ by Chmura Logo

Cyber Security Specialist Senior

TECO Energy, Inc.

Location: Ybor City, FL, 33605
Type: Full-Time, Permanent, Non-Remote
Posted on: September 27, 2021
This job is no longer available from the source.
Job Description
Reference #: 793814600
Title: Cyber Security Specialist Sr
Shift: 8 Hr. X 5 Days
Hiring Manager: Jose L Valdes
Recruiter: Mark E Koener
POSITION CONCEPT :
The Cyber Security Specialists are responsible for monitoring the company's information security systems, ensuring that all procedures are followed on a daily, weekly, monthly, and annual basis. Additionally, this position provides expert-level support, within a team environment, for systems used to monitor and protect the enterprise assets. Also tasked with detecting, analyzing, and responding to any suspicious cyber security activity across Emera business and operational networks. The scope includes all network infrastructure, operating systems, and web server platforms throughout the company and its subsidiaries.
Cyber Security Specialists develop and possess an in-depth understanding of exploits (e.g., malware) and vulnerabilities, resolving issues by taking the appropriate corrective action, or following the appropriate escalation procedures. This entails proactively identifying and assessing threats to network and data, monitors network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape. The responsibilities include assessing enterprise assets to include critical assets for secure configurations and maintaining and enforcing regulations regarding NERC Critical Infrastructure Protection (CIP), Sarbanes-Oxley (SOX), PCI, and corporate information security standards.
WORKING CONDITIONS
Normal working conditions with occasional extended hours during the week and weekends including on-call rotational support.
LEVEL 1 - CYBER SECURITY SPECIALIST ASSOCIATE
DUTIES AND RESPONSIBILITIES :
• Monitor and respond to security threats and/or events generated by various security monitoring tools/technologies for the enterprise network. Determine if anomalies are actual system compromises. Escalate significant threats/events to 2nd or 3rd tier support for deeper analysis. This is to ensure all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment.
• Conduct digital forensics by collecting computer/network-related evidence in support of policy violations, criminal activity, fraud, and in response to threat intelligence, law enforcement investigations, or information technology (IT) audit efforts (NERC CIP, SOX, PCI, etc.). Additionally, conducts malware analysis to gather relevant indicators of compromise (IOCs) for active hunting and continuous monitoring for installed toolsets.
• Translates all applicable standards and requirements (NERC CIP, NIST 800-171, NIST 800-53, PCI-DSS, SOX, etc.) into appropriate systemic and procedural solutions to enable compliance adherence. Coordinate and communicate necessary actions to maintain compliance with applicable internal and regulatory standards. Assist in the development and enforcement of company policies, procedures, desk level procedures, disaster recovery plans, processes, plans and standards that support and facilitate governmental and regulatory compliance. Assist in the development of management responses to internal/external government and regulatory audits and data requests in conjunction with respective management and staff.
• Evaluate the effectiveness of in-place security controls to constantly strengthen the overall security posture. Recommend implementation of counter-measures or mitigating controls as well as contribute to design, implement, and maintain security tools, systems, and technologies leveraged by the CSOC or NERC CIP program.
• Monitor external event sources for security intelligence and actionable incidents.
• Develop and maintain threat/risk metrics, security processes, and desk level procedures.
EDUCATION, (LICENSES AND CERTIFICATIONS) :
Required : Valid High School Diploma or valid GED
Preferred : An accredited Bachelor's Degree in Computer Science, Information Systems, or other IT related discipline
Licenses/Certifications
Required: From the list of certification vendors, one related Information Security professional certification or ability to obtain via self-study within one year of hire date (ex: (ISC)2, GIAC, ISACA, CompTIA, e-Council, etc.)
Preferred: ITIL v3 and one or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP)
EXPERIENCE :
Required : A minimum 5 years of related Cyber Security, IT, or Technical (hands-on networking, telecommunications [radios, satellites, communications, etc.], hardware, software) experience. In lieu of some experience listed above, may consider 3 years related experience with a bachelor's degree in Computer Science, Information Systems or other IT related discipline.
KNOWLEDGE/SKILLS/ABILITIES :
Required :
• • Working knowledge of major operating system security (Windows, Mac OS, Linux/Unix), web server security, and network security.
• Working knowledge of major security systems and functions for incident response, monitoring and forensic activities: Firewalls, IDS/IPS, Antivirus/Antimalware, SIEM, Incident Response, Threat Prevention, Web/Application Control Filtering, Email Filtering, NetFlow Analysis, Endpoint Security, Configuration and Change Management, File Integrity Monitoring, and DLP
• Working knowledge of log, network, and system forensic investigation techniques
• Basic working knowledge of networking protocols and systems administration
• Basic working knowledge of identifying and capturing indicators of compromise and methods for detecting them within incidents
• Basic working knowledge with packet analysis and malware analysis
• Basic working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX and PCI
• Analytical and risk assessment skills as well as listening, written and computer communication skills for reporting and auditing purposes
Preferred:
• • Working knowledge of major security systems and functions for incident response, monitoring and forensic activities: Firewalls, IDS/IPS, Antivirus/Antimalware, SIEM, Incident Response, Threat Prevention, Web/Application Control Filtering, Email Filtering, NetFlow Analysis, Endpoint Security, Configuration and Change Management, File Integrity Monitoring, and DLP
• Working knowledge of networking protocols and systems administration.
• Working knowledge of identifying and capturing indicators of compromise and methods for detecting them within incidents
• Working knowledge with packet analysis and malware analysis
• Working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX and PCI
• Basic knowledge of penetration testing technologies and procedures
• Basic knowledge with reverse engineering malware
• Analytical and risk assessment skills as well as listening, written and computer communication skills for reporting and auditing purposes
LEVEL 2 - CYBER SECURITY SPECIALIST
In addition to Level 1 Associate Specialist duties and responsibilities, translates all applicable standards and requirements. Coordinates and maintains compliance with applicable internal and regulatory standards. Leverages experience and skills to find inventive and effective solutions to information security problems. Identify, evaluate and recommend corrective action plans to mitigate/remediate cyber security risks and vulnerabilities. Works under minimal supervision.
DUTIES AND RESPONSIBILITIESINCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
• Translates all applicable standards and requirements (NERC CIP, NIST 800-171, NIST 800-53, PCI-DSS, SOX, etc.) into appropriate systemic and procedural solutions to enable compliance adherence. Coordinate and communicate necessary actions to maintain compliance with applicable internal and regulatory standards. Development and enforcement of company policies, procedures, desk level procedures, disaster recovery plans, processes, plans and standards that support and facilitate governmental and regulatory compliance.
• Proactively assess the enterprise and segmented infrastructure for current and potential vulnerabilities or security threats by leveraging automated security monitoring tools, conducting manual security assessments, and using penetration testing techniques. Determine if anomalies are actual system compromises. This is to ensure all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment.
• Leverages experience, critical thinking, and analytical skills to find inventive and effective solutions to information security problems. Articulates complex information security concepts to non-technical employees clearly while accurately portraying risks and threats to the company. (10%)
• Collect and organize required evidence for compliance with applicable regulatory requirements and standards, such as network diagrams, access controls, ports and services, physical port security, malicious code prevention, security event monitoring, account management, and baseline configuration. Document and present to internal/external audits and data requests in conjunction with respective management and staff.
• Identify, evaluate, and recommend corrective action plans (changes to architecture, hardware, and software) that assist in the mitigation/remediation efforts of identified cyber security risks and vulnerabilities. This is accomplished by conducting vulnerability scans, reviewing security controls (access control, patch management, firewall policy, etc.), and reviewing internal controls (DR/BC, configuration management, software development lifecycle, etc.). Performs quality assurance checks on tools and data to ensure accuracy and functionality of systems and the accurate accountability of data that is being monitored. The intent is to constantly strengthen the overall security posture by assisting in efforts to design, implement, and maintain essential security tools, systems, and technologies necessary to protect Company assets.
• Stays informed about information security and compliance trends, directions, and technologies in relevant industries. Monitor external event sources for security intelligence and actionable incidents. Additionally, contribute in information and threat intelligence sharing sessions with other utility companies, industry partners, and government agencies.
• Assist in conducting digital forensics by collecting computer/network-related evidence in support of policy violations, criminal activity, fraud, and in response to threat intelligence, law enforcement investigations, or IT audit efforts (NERC CIP, SOX, PCI, etc.). Additionally, assist in conducting malware analysis to gather relevant indicators of compromise (IOCs) for active hunting and continuous monitoring for installed toolsets.
• Develops threat/risk metrics, security processes, and desk level procedures.
EDUCATION, (LICENSES AND CERTIFICATIONS) :
Required : Valid High School Diploma or valid GED
Preferred : An accredited bachelor's degree in Computer Science, Information Systems, or otherIT related discipline
Licenses/Certifications
Same as Level One
Related Experience
Required : A minimum 8 years of related Cyber Security or IT experience. In lieu of some experience, may consider 4 years related experience with a Bachelor's Degree in Computer Science, Information Systems or other IT related discipline
LEVEL 3 - CYBER SECURITY SPECIALIST SENIOR
In addition to Level 2 Specialist duties and responsibilities,d evelops and implements correlation rules, alerts and feeds to ensure all pertinent information is obtained for the identification, containment, eradication and recovery actions. Identify and solve cyber security and compliance problems of varying complexity across multiple technology areas. Leads efforts in conducting digital forensics and malware analysis. SME in the development of management responses to internal/external government and regulatory audits and data requests. Works under minimal supervision.
PRIMARY DUTIES AND RESPONSIBILITIESINCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
• Proactively assess/monitor the enterprise and segmented infrastructure for current and potential vulnerabilities or security threats by leveraging automated security monitoring tools, conducting manual security assessments, and using penetration testing techniques. Evaluate and respond to security threats and/or events by continually assessing real-time logs and performing payload analysis of packets for the enterprise network to determine if anomalies are actual system compromises. Develop and implement correlation rules, alerts, and feeds that CSOC personnel evaluate and respond. This is to ensure all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment.
• Utilize threat analysis data from internal and external sources to identify lines of investigation outside of normal day-to-day security monitoring and perform independent advanced monitoring, or "hunt missions", throughout the environment for patterns, anomalies, and potential unforeseen security incidents.
• Identify and solve cyber security and compliance problems of varying complexity across multiple technology areas. Develop and implement appropriate technologies and systems used to analyze, assess, remediate/mitigate, alert, and respond to activities that occur before, during, and after events that may or may not lead to an incident (e.g., compromise, disruption, etc.). Subject Matter Expert (SME) in incident response and investigations, activate incident response plans/procedures for escalated security events that lead to an incident. Lead efforts in incident response, disaster recovery, and business continuity events and exercises.
• Identify, evaluate, develop/engineer, and implement corrective action plans (changes to architecture, hardware, and software) that assist in the mitigation/remediation efforts of cyber security risks and vulnerabilities. This is accomplished by conducting vulnerability scans, reviewing security controls (access control, patch management, firewall policy, etc.), and reviewing internal controls (DR/BC, configuration management, software development lifecycle, etc.). Performs quality assurance checks on tools and data to ensure accuracy and functionality of systems and the accurate accountability of data that is being monitored. The intent is to constantly strengthen the overall security posture by leading efforts to design, implement, and maintain essential security tools, systems, and technologies necessary to protect Company assets. Additionally, identify and track instances of non-compliance via monitoring.
• Lead efforts in conducting digital forensics by collecting and presenting computer/network-related evidence in support of policy violations, criminal activity, fraud, and in response to threat intelligence, law enforcement investigations, or IT audit efforts (NERC CIP, SOX, PCI, etc.). Additionally, lead efforts in conducting malware analysis to gather relevant indicators of compromise (IOCs) for active hunting and continuous monitoring for installed toolsets.
• Translates all applicable standards and requirements (NERC CIP, NIST 800-171, NIST 800-53, PCI-DSS, SOX, etc.) into appropriate systemic and procedural solutions to enable compliance adherence. Coordinate and communicate necessary actions to maintain compliance with applicable internal and regulatory standards. Development and enforcement of company policies, procedures, desk level procedures, disaster recovery plans, processes, plans and standards that support and facilitate governmental and regulatory compliance. SME in the development of management responses to internal/external government and regulatory audits and data requests in conjunction with respective management and staff.
• Identify and collaborate with external event sources to be used for security intelligence and actionable incidents. Additionally, facilitate, coordinate, and present threat intelligence and information sharing sessions with other utility companies, industry partners, and government agencies.
• Develop threat/risk metrics, security processes, and desk level procedures.
EDUCATION, (LICENSES AND CERTIFICATIONS) :
Required : Valid High School Diploma or valid GED
Preferred : An accredited master's degree in computer science, Information Systems, or other IT related discipline
Licenses/Certifications
Same as Level One
Related Experience
Required : A minimum 10 years of related Cyber Security or IT experience. In lieu of some experience, may consider 4 years related experience with a Bachelor's Degree in Computer Science, Information Systems or other IT related discipline
COMPETENCIES :
• Builds Relationships
• Cultivates Innovation and Embraces Change
• Speaks Up on Safety, Health, and the Environment
• Takes Ownership & Acts with Integrity
• Thinks Strategically & Exercises Sound Judgment
BENEFITS
Competitive Salary *401k Savings plan w/ company matching * Pension plan * Paid time off* Paid Holiday time * Medical, Prescription Drug, & Dental Coverage *Tuition Assistance Program * Employee Assistance Program * Wellness Programs * On-site Fitness Centers * Bonus Plan and more!
STORM DUTY REQUIREMENTS ....Please make sure to read below!!! Responding to stormswill beconsidered a condition of employment.
The company and its companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our customers. Team members are required to work in their normal job duties or other assigned activities. Compensation will be made in accordance with the company's rules and procedures.
Pay Transparency Non-Discrimination Statement
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
ADA policy
It is the policy of Tthe company to provide reasonable accommodation for all qualified disabled individuals who are employees and applicants for employment, unless it would cause undue hardship. The corporation will adhere to applicable federal and state laws, regulations and guidelines, including, but not limited to the Americans with Disabilities Act (ADA) of 1990 and section 503 and 504 of the Rehabilitation Act of 1970s.
Application accommodations
Applicants may request reasonable accommodation in the application process five business days prior to the time accommodation is needed.
Pre-employment physical exams may be required for positions with bona fide job-related physical requirements regardless of disability.
Equal Opportunity Employer
"Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law, except where physical or mental abilities are a bona fide occupational requirement and the individual is unable to perform the essential functions of the position with reasonable accommodations. In order to provide equal employment and advancement opportunities for all individuals, employment decisions at the company will be based on skills, knowledge, qualifications and abilities."
Compensation and Hours
Salary Range: Not Available DOE (Depends on Experience) Not Available Other Benefits: Not Available Full or Part Time: Full Time (30 Hours or More) Job Duration: Over 150 Days Type of Job: Regular
Shift: Not Applicable
Hours per Week:
Hours Not Specified
View what local employers are paying Information Security Analysts