|Location||West Palm Beach, FL|
|Date Posted||January 6, 2022|
Our reliability is one of the best in the nation, and we’re working to make it even better. We live here too. That’s why we’re committed to making Florida a better place. Join our team today Learn more
Position Specific Description
This position will reside in the Cybersecurity & Technology Risk – Threat Defense Service team. The candidate will be expected to conduct on-going vulnerability management operations that include discovery, risk assessment and classification, and remediation tracking. The successful candidate will be one that possess the below mentioned technical capabilities and the business acumen required to coordinate and collaborate with senior stakeholders external to the team. This position will also be required to execute development operations and program improvement that include technology integrations, automation orchestration, and deployment of new discovery capabilities.
- Follow the NIST Risk Management Framework to continuously assess, prioritize, and address internal and external vulnerabilities.
- Interact with and advise a diverse group of senior stakeholders throughout the company to orchestrate controls and mitigation strategies for identified vulnerabilities.
- Maintain records and evaluate metrics pertaining to status of remediation efforts and company vulnerability profile at any given time.
- Develop and present briefings to various levels of leadership on work efforts, process development and implementation, and organizational vulnerability status.
- Advise management on vulnerability prioritization based on risk assessments and measures to mitigate threats to systems and networks.
- Provide guidance, requirements, and expectations for actions regarding security issues to ensure agreement among stakeholders on methods, procedures, and objectives for implementing and assessing the effectiveness of mitigations.
- Ensure that security improvement actions are evaluated, validated, and implemented as required.
- Track and report to leadership noncompliance to security requirements.
- Provide input for process development on the execution of the vulnerability management lifecycle as it applies to daily operations.
- Research emerging exploits, pre-CVE vulnerabilities, and analyze malware and threat campaigns to identify potential vulnerabilities to preemptively identify exposure and risk to business operations.
- Develop an intimate understanding of company networks, architecture, and assets, and serve as a primary contact for expertise on technical matters.
- Thorough understanding of the Vulnerability Management Lifecyle and the Intelligence Lifecycle relating to cybersecurity operations.
- In-depth knowledge of cybersecurity standards and best practices: endpoints, operating systems, network devices and architecture, communication protocols, wireless, virtualization, cloud computing.
- Advanced understanding of internet and WAN technology.
- Detailed knowledge or experience in Computer Network Attack (CNA) and Red Team concepts: reconnaissance, malware delivery and functionality, attack methodologies.
- Knowledge of OT, ICS, SCADA, and RTOS, particularly in relation to interconnectivity with traditional IT networks.
- Experience with vulnerability scanning , assessment, and research tools (Nessus, Nexpose, Qualys, Tanium, Shodan, etc.)
- Ability to communicate technical topics and details involving computer vulnerabilities to both highly technical and layman audiences.
- Ability to write technical reports and articulate complex subjects in simplified, easily understandable ways, free of analytical and grammatical errors.
- Excellent skills with Microsoft Office products (Word, PowerPoint, Outlook, Excel, Teams).
Desired Training and Certifications:
- Programming experience (language agnostic)
- Joint Cyber Analysis Course (JCAC)
- GIAC Enterprise Vulnerability Assessor (GEVA)
- GIAC Assessing and Auditing Wireless Networks (GAWN)
- GIAC Reverse Engineering Malware (GREM)
This job performs ongoing cybersecurity risk reviews for new and existing technologies and services and supports ongoing and new cybersecurity projects. Individuals develop requirements for and implement technical security projects and tools, as well as define the company’s cybersecurity policies and control framework. This position collaborates with the company’s IT department and business units to identify the need for, select, and deploy technical controls to meet specific security requirements. Employees in this role build processes and standards to ensure security requirements continue to be met.
Job Duties & Responsibilities
- Administers, operates and monitors NextEra Energy (NEE) information security sensors, logging, alerting and other detection mechanisms to identify and respond to threats
- Acts as subject matter expert for one or multiple assigned cybersecurity technology stacks (e.g., identity and access management, network intrusion detection and prevention, host based security tools)
- Collaborates with security architecture to identify, evaluate and recommend new security technologies for suitability within NEE’s environment and security posture
- Communicates ongoing cybersecurity activities, priorities and risk measurements or mitigations at multiple organizational levels
- Provides guidance for security activities and requirements in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required
- Performs other job-related duties as assigned
- High School Grad / GED
- Bachelor's or Equivalent Experience
- Experience:5+ years
- Certified Information Systems Aud (CISA) certification
Employee Group: Exempt
Employee Type: Full Time
Job Category: Information Technology
Organization: Florida Power & Light Company
Relocation Provided: Yes, if applicable
Where permitted by applicable law, NextEra Energy requires all employees and new hires to be fully vaccinated for COVID-19 or be willing to receive the COVID-19 vaccination on or before the first day of employment.
NextEra Energy is an Equal Opportunity Employer. Qualified applicants are considered for employment without regard to race, color, age, national origin, religion, marital status, sex, sexual orientation, gender identity, gender expression, genetics, disability, protected veteran status or any other basis prohibited by law. We are committed to a diverse and inclusive workplace.
NextEra Energy provides reasonable accommodation in its application and selection process for qualified individuals, including accommodations related to compliance with conditional job offer requirements, consistent with federal, state, and local laws. Supporting medical or religious documentation will be required where applicable and permitted by applicable law. To request a reasonable accommodation, please send an e-mail to [Click Here to Email Your Resumé], providing your name, telephone number and the best time for us to reach you. Alternatively, you may call 1-844-694-4748. Please do not use this line to inquire about your application status.
NextEra Energy will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.
NextEra Energy does not accept any unsolicited resumes or referrals from any third-party recruiting firms or agencies. Please see our policy for more information.
Nearest Major Market: Palm Beach
Nearest Secondary Market: Miami