At Aqua, we are guided by a set of principles that embody the character of our company and inspire our work together. They are embedded within our business practices and our behavior. We are proud to be united by integrity, respect and the pursuit of excellence to be the best we can be for the customers and communities we serve.
Together, the women and men of Aqua America serve 3 million customers across eight states. Aqua uses science, technology, capital investments, and amazing talent to provide communities with clean, safe drinking water and responsibly return wastewater to our rivers and streams. Join our team and make a difference!
Are you looking for a fantastic career at Aqua? We have a great opportunity for a Security Engineer 1. This position will support activities related to risk management, security operations, compliance and audit support. We are looking for the right person who will frequently engage with both technical teams and business process owners to ensure that appropriate security is implemented and that risk is understood and managed for our technology solutions.
Responsibilities will include –
- Monitor IT environment for security incidents and risks, report to company leadership and build remediation plans to mitigate the risks.
- Work closely with engineers focused on intrusion detection, incident response and security operations.
- Define metrics to assess the success of the security program and provide regular reports to security and business leadership. Implement and maintain controls for compliance and privacy. Act as liaison to internal and external audit teams as needed.
- Lead ongoing vulnerability management processes, including working with IT Infrastructure, Applications and Desktop teams to prepare vulnerability remediation plans, track progress and reduce overall vulnerability exposures.
- Collaborate with other security engineers to analyze, process, integrate, communicate and respond to threat intelligence.
- Ability to participate in or lead development, improvements and updates to continually improve security controls, policies, guidelines, processes and procedures. Monitor compliance with security configuration standards for IT server, software and networking platforms based on CIS Benchmarks. Provide Sarbanes-Oxley Section 404 compliance related to project management, change management and security.
- Participate in all phases of the SDLC and project life cycles as needed for corporate initiatives - design, build and operate ensuring security policy and procedures, and control/compliance frameworks and security best practices are implemented and followed.
- Create/maintain documentation of security solutions, services, configurations and processes. Communicate the performance and health of the security program at regular intervals by participating in the development of standard update reports, scorecards, and trend summaries.
- Manage development and operation of the security awareness program to ensure that security and risk management continue to be integrated into the corporate culture. Provide escalation support for the Information Technology Help Desk as required.
The successful candidate for this position will have a Bachelor’s Degree focused on Information Technology or relevant field in addition to 5-7 years of operational information technology related experience, with previous experience in an information security function preferred.
Candidates must also have one or more of the following certifications: CISSP, GIAC (GSEC, GSNA), CRISC, CISA, CISM, CCSP, SSCP, CAP, CSSLP, CSX Practitioner. We will also consider candidates willing to obtain the certification(s) within twelve months.
The successful candidate will also have:
- Experience developing and using Qualys Vulnerability Management and Policy Compliance, experience working with file integrity and configuration assessment tools such as Tripwire Enterprise and CIS-CAT, experience leading security awareness program development, experience utilizing a GRC platform is a strong positive.
- Previous experience working directly with an information security function and with Tripwire Enterprise, ArcSight, and common GRC (e.g., Archer, Lockpath, etc.) platforms is a strong positive.
- In-depth knowledge of the following technologies from a security perspective: Active Directory, database platforms, web server platforms, Middleware, PKI, cloud computing, Office 365 and Azure.
- Aptitude to understand and integrate security into project and application lifecycles for enterprise IT systems.
- Strong written and verbal communication skills and the ability to work independently and effectively in a team environment.
- Ability to work off-hours maintenance windows and participate in a rotating on-call shift periodically.
- Excellent organizational skills and the ability to multi-task, prioritize workload and delegate responsibilities.
- Knowledge of the following concepts:
  - Security Configuration Assessment
  - Controls and Policy
  - Risk Assessment and Management
  - Access Controls
  - Data Loss Prevention (DLP)
  - Authentication and Authorization
  - Confidentiality, Availability and Integrity
  - Secure SDLC
  - Mobility and cloud platforms
  - Encryption in transit and at rest
  - Sensitive data types such as PII, IP, PHI
  - Security best practices