Sr. Domain Engineer (Cybersecurity Critical Infrastructure Protection Compliance Specialist)

at SDGE
Published April 29, 2022
Location San Diego, CA
Job Type Full-time  

Description

SDG&E is an innovative San Diego-based energy company that provides clean, safe and reliable energy to better the lives of the people it serves in San Diego and southern Orange counties. The company is committed to creating a sustainable future by providing its electricity from renewable sources; modernizing natural gas pipelines; accelerating the adoption of electric vehicles; supporting numerous non-profit partners; and, investing in innovative technologies to ensure the reliable operation of the region’s infrastructure for generations to come. SDG&E is a subsidiary of Sempra Energy (NYSE: SRE).

Our highly trained and responsive employees with their diverse skills, talents and ideas are the reason we can deliver on our commitment and are building America’s best energy company. They are also the reason why we have been recognized with the industry’s most coveted awards. Our employees undertake challenging work, and receive highly competitive compensation and benefits. As one of the region’s largest employers, we’re always searching for talented and bright people to join our team. After all, it takes the best to build the best.

Diversity and inclusion are core values of SDG&E. Empowering our employees to be their whole selves at work is our competitive advantage. This is where new ideas come from and meaningful collaboration gets an authentic start. By bringing together people with different perspectives, diverse backgrounds and real commitment to their own individuality, we have built a stronger business.

For more information, visit SDGEnews.com or connect with SDG&E on Twitter (@SDGE), Instagram (@SDGE) and Facebook.

Primary Purpose
Assesses risk and identifies mitigations. As a specialist in security techniques, provides visibility across the enterprise technology landscape to identify, assess and recommend risk mitigation tasks. Effectively provides oversight and guidance to ensure strict adherence with North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance standards and requirements. Performs frequent reviews of evidence, reports, and personnel records to maintain NERC CIP compliance posture. Handles complex long-term initiatives in area of expertise, collaborating with multiple teams and stakeholders to develop and maintain documentation, processes, and procedures to support NERC CIP operations and business units.

Duties and Responsibilities

* Ensures cybersecurity presence throughout development life cycles, supporting product teams with operational oversight and cybersecurity engineering consulting. Leverages DevSecOps expertise to enhance continuous monitoring by integrating security practices with product teams. Creates processes and templates for cybersecurity related implementations, focused on risk mitigation. Oversees and maintains strict adherence to NERC CIP compliance efforts. Develops and maintains up-to-date reports and evidence for NERC CIP standards and requirements for audit purposes. Maintains strict adherence to NERC CIP compliance efforts.
* Performs reviews of system-generated evidence and report configurations to ensure compliance requirements are met. Develops procedures, processes and guidelines for implementing risk-based internal security controls and technical assessments while co-creating with engineering and architecture teams for greater alignment. Evaluates current state process as needed.
* Participates in analysis, diagnosis and assessment of cybersecurity related capabilities (systems, platforms, or networks), ensuring adequate performance, risk management, and capacity management. Develops and maintains standards, processes, and procedures for the safe and reliable operation of hardware, software, applications, and network equipment.
* Delivers work in accordance with an agile mindset. Agile is a methodology supporting new ways of working emphasizing incremental delivery, value prioritization, often using scrum process. Assists in incremental value creation and business agility, adopting scrum or kanban methodologies as appropriate to their team. Kanban and scrum are frameworks used for organizing work in an agile way, focused on managing the flow of knowledge and operational work and driving continuous improvement for a team. Mentors less experienced technology staff on cybersecurity knowledge best practices, procedures, and processes.
* Performs other duties as assigned.

Required Qualifications:

* Bachelor's Degree in Information Systems, Software Engineering, Computer Science, related field or equivalent training and/or experience.
* 5 years - Progressive experience working within IT and/or enterprise cybersecurity with experience in cybersecurity process, risk assessments.
* Working knowledge of evolving cybersecurity threats and best practice for mitigation.
* Knowledge of IT compliance related activities.
* Results oriented, high energy, and self-motivated.
* Excellent written and verbal communication skills.
* Excellent teamwork skills.

Preferred Qualifications:

* 5 years - Experience with National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) or Risk Management Framework (RMF), such as NIST 800-53 or ISO 27000.
* 3 years - Experience in the Energy or Utilities sector.
* CompTIA Security+, Global Information Assurance Certification (GIAC), GSEC, (ISC)2 Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Internal Auditor (CIA) certificate or equivalent.

May require work outside of normal business hours and/or 24/7 response availability for system and application maintenance, enhancements, production releases and/or operational emergencies.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled