We are seeking an individual for a Regular position as a Security Engineer in the IT Security Department of the Information Technology Division.
Perform security scan, analysis and remediation of information security assets to identify potential security vulnerabilities and threats that place OUC technology at risk of misuse, unauthorized access or disclosure.
· Bachelor's degree in Computer Science, Information Systems, or other IT related field of study from an accredited college or university
· Minimum of five (5) years of security related I.T. experience with a focus in networking (CCNA minimum) and or network operating systems (MCSE min) to include:
Minimum three (3) years of practical technical experience within a Cyber Security role
Industrial control system experience (preferred)
· Significant working knowledge of information security principles and practices and at least two years technical experience with relevant LAN/WAN security hardware and software including IDS/IPS, Firewalls, Web Proxies, Vulnerability Scanning, Email Gateway etc..
· Understanding of enterprise switching/routing and protocols including OSPF, BGP, EIRGP, HSRP and MPLS/VPLS. Experience configuring and supporting switches and routers is preferred but not required.
· Experience in network security features including ACLs, VPN, IPSEC/GRE
· Experience with network and web related protocols (e.g. TCP/IP, UDP, IPSEC, HTTP, HTTPS)
· Understanding and some experience with 802.11x, Encryption and Network Access Control.
· Experience with incident management and threat remediation including threat analysis, isolation, identification, eradication.
· Experience with Microsoft Windows Server administration & maintenance in an enterprise environment; Working knowledge of DNS, DHCP, GPO, Permissions, Powershell.
· Working knowledge in all, but not limited to, the following:
o Control system communication protocols;
o Industrial control systems and real-time monitoring applications including SCADA, AMI, DCS, PLCs, and RTUs;
o Utility security and regulatory standards including but not limited to NIST and NERC Critical Infrastructure Protection (CIP);
o Wired and wireless networking technologies;
o Utility/Energy Communications System Architecture;
· Able to test technology security, analyze and document test results, recommend and assist with mitigation, and assess the mitigation effectiveness;
· Ability to translate very technical information to an average person;
· Project security planning including estimates, architecture, tasks and risk assessments
· Security tool subject matter expert; ability to efficiently use penetration testing tools, advanced protection devices, and other security forensic tools;
· Ability to translate highly technical information to non-IT staff;
· Ability to comprehend data samples, security forensic data, and network data flows;
· Ability to generate flow charts, architectural diagrams and project plans;
· Ability and desire to maintain knowledge of new technology (i.e. appliances, devices, etc.)
· Ability to make arithmetic computations using whole numbers, fractions and decimals, rates, ratios and percentages;
· Ability to use Microsoft Office Suite (Word, Excel, Outlook, etc.) and use standard office equipment (telephone, copier, computer, etc.)