|Date Posted||October 9, 2021|
Requisition ID # 117904
Job Category : Information Technology
Job Level : Individual Contributor
Business Unit: Information Technology
The Cybersecurity team enables PG&E to achieve its mission by providing governance, oversight, and support of operational resiliency and asset safeguards in a relevant, timely and data-driven manner. The Cybersecurity team consists of security professionals in their chosen disciplines, including:
∙ Cybersecurity Services
∙ Risk & Strategy
∙ Security Intelligence & Operations
Working together, we review the current cyber threat landscape and lend our expertise to help the company understand its security posture and act on the highest priority risks.
The Cybersecurity team takes a proactive approach to security by focusing on the cyber risks PG&E faces. Our methodology and framework synthesize current legal, regulatory, and operating mandates with PG&E’s business goals and operations. By taking this information and focusing on the cyber risks unique to individual Lines of Business (LOB), Cybersecurity helps PG&E’s LOBs make informed decisions about where to invest their resources.
The Cybersecurity IT Product Specialist manages the daily operations of the Cybersecurity Configuration and Vulnerability Management products. They will work closely with Cybersecurity partner teams, Project Managers, team leaders, specialists, and subject matter experts. This position will maintain, document, develop and deliver technology solutions for the products supporting Configuration Management and Vulnerability Scanning. Additionally, work closely with our Lines of Business and various IT organizations and be responsible for maintaining and maturing our Cybersecurity technologies.
The position will work remotely from your home office until a safe return to the office is identified. An office location within our service territory and closest to the successful candidate will be identified and may require occasional office visits as business needs require.
- Responsible for the management, advanced configuration, patching, monitoring, and fine tuning of the Configuration Management and Vulnerability & Application Scanning products. These currently include Tenable Security Center, HCL-AppScan, Tripwire, Forescout eyeInspect, and IXIA
- Work closely with cross-functional teams to troubleshoot and resolve complex operational issues.
- Act as a conduit for vendor relationship, licensing, and incident management.
- Defend systems against unauthorized access, modification and/or destruction.
- Identify security abnormalities
- Facilitate and assist in the coordination of remediation efforts, tracking, reporting progress and providing root cause analysis
- Support internal auditing data collection
- Partner with the groups within Information/Business Technology and Lines of Businesses on security
- Contribute to a variety of documentation such as strategies, plans, designs, usage or configuration standards, policies, guidelines, user requirements, roadmaps, reports, metrics, process manuals, configuration manuals, and other documentation specific to and necessary for the targeted product or service.
- Research and recommend security controls and tools upgrades
- Participate in Security projects
- Develop methods of automation and optimization.
- Partner with peers in the accountable planning organization to develop the strategic vision and understand how it applies to the targeted products or services. Understand the product’s key benefits, and the product’s targeted users.
Participate in a 24x7 on-call rotation
- AA/AS in Computer Science or job-related discipline or equivalent work experience
- 2 years of IT/Cybersecurity technical experience
- Scripting skills using Python or Powershell
- Ability to follow Safety First principles
- Bachelor of Science in Computer Science or job-related discipline
- 3+ years of relevant technical experience
- Knowledge of Configuration Management & Vulnerability Scanning products such as Tenable, AppScan, Tripwire
- Familiarity with NIST framework, & NERC CIP standards
- Achieve positive results with multiple projects/efforts running simultaneously
- Results driven, and customer focused
- Multi-Platform knowledge (UNIX/LINUX, Windows Servers/Desktops, Oracle/SQL Databases, etc.)
- Skilled at being team player
- Energizes coworkers, and maintains a positive attitude towards the team and the business directions
- Strong analytical, critical thinking and decision-making skills
- Familiar with one or more security controls/risk management frameworks (ISO, NIST, etc.)
- Understanding of risk and security controls
- Understanding of network protocols, enterprise architecture, and common network logging functions