The tasks, duties, and responsibilities of the position that are most important to get the job done.
- Respond to, remediate and document information security incidents;
- Support application and infrastructure risk mitigation and vulnerability remediation activities;
- Implement, configure, manage and document security tools used by PDC including Firewalls, VPNs, IAM, SIEM, vulnerability scanners, Email protection services, network security, end-point security, patch management and other security products and procedures;
- Develop and carry out information security plans and policies;
- Develop or implement scripts and tools to automate threat detection;
- Assist in the development and testing of Disaster Recovery / Business Continuity Plans;
- Establish requirements and make recommendations on the appropriate infrastructure protection tools, methods, and technologies;
- Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behavior;
- Perform security gap assessments and penetration tests, generate comprehensive reports and recommendations on the security risks and vulnerabilities discovered;
- Keep abreast of latest security advisories, alerts and vulnerabilities pertaining to PDCE and its mission. Assists with conduct periodic threat exercises and make recommendations to IT management on the need for policy changes;
- Researches, installs and tests software updates and patches to support enterprise-wide applications and various operating systems;
- Work closely with business analysts and system administrators on existing and new deployments to ensure that best practices are followed;
- Assist with development and implementation of Security Awareness Training for entire organization;
- Evaluates selects and applies proven techniques, procedures and criteria, in making enhancements and modifications to the corporate network infrastructure including network, server and desktop related hardware and software;
- Performs and assumes other duties and responsibilities as may be required at the direction of the Director, Information technology.
KNOWLEDGE, SKILLS AND ATTRIBUTES
The specific minimum competencies required for job performance.
- Documented working experience with Microsoft Windows Environments, Microsoft Office Suite, VMware cloud environments, Azure Iaas, PaaS & SaaS, Microsoft Office 365, Citrix Virtualization, client/server technology, DRM and Internet/intranets;
- Expertise in SEIM, firewalls, VPNs, intrusion detection, content filtering, file integrity monitoring and end point protection technologies;
- Experience with securing cloud platforms;
- Expertise in designing secure networks, systems and application architectures;
- Experience with vulnerability scanners and penetration tools such as nmap, Nessus, Rapid7, Metasploit, etc.;
- System administration, supporting multiple platforms and applications including Microsoft Windows 2012/2016 Active Directory, Microsoft PKI, Microsoft Exchange 2013/2016, Office 365;
- Experience with SD WAN and SDN (VMware NSX) vSphere and Cisco ACI is a plus;
- Experience with securing SCADA networks is a plus;
- Knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, COBIT. Knowledge of National Institute of Standards and technology (NIST) Cyber Security Framework (CSF) and SP800-XX frameworks for operational technology devices;
- Excellent troubleshooting skills and knowledge of risk assessment tools, technologies and methods;
- Must be organized, detail-oriented, deadline-driven, and able to handle multiple responsibilities in a fast-paced environment;
- Must be motivated, disciplined and a self-starter and should be willing to learn any needed skills via self-directed activity;
- Strong interpersonal skills – must be able to work effectively as part of a team and foster team cooperation;
- Effective verbal and written communications skills.
The scope of the person’s authority, including a list of jobs that report to the incumbent.
This position has no supervisory responsibilities.
The environment in which the job is performed, especially any unique conditions outside a normal office environment.
- Consistent with that of a normal work environment;
- Ability to routinely lift up to 50 lbs;
- Participates in 24x7 on-call rotation;
- Required to work on-call during planned maintenance and/or emergencies;
- Frequent travel to all PDC offices required.
The minimum level of education, experience, and certifications required to perform the job.
- Bachelor’s degree in computer science or related field;
- 5+ years of relevant work experience;
- Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA), Certified Information Security Manager (CISM) or other equivalent certifications preferred;
- Previous Oil & Gas experience preferred but not required;
- Valid driver’s license required.