Provides specialized enterprise-wide cybersecurity engineering to help maintain an acceptable level of cyber and privacy risk while ensuring the cybersecurity and resilience of SMUD's information, IT and OT systems, and network infrastructure. This position has a primary emphasis on cloud infrastructure and cloud applications.
A Cybersecurity Engineer at SMUD has a critical role in our cybersecurity program: protecting and managing the cyber and privacy risk to our people, processes and technology. The Cybersecurity Engineer provides physical, technical, and administrative control engineering to protect the confidentiality, integrity, and availability of our IT and OT cyber assets.
Bachelor's degree in Cybersecurity, Information Security, Information Technology or a closely related field (e.g., Computer Science, Systems Engineering, Electrical Engineering), or seven years' experience.
Three (3) or more years of progressively relevant professional or technical experience in cybersecurity and/or information security.
Principles and practices of cybersecurity and information technology systems. Principles and practices of system security engineering, design, development, analysis, testing and security administration. Advanced methods and techniques of evaluating security and privacy requirements and developing secure solutions for SMUD systems. Methods and techniques of developing data security, integrity, backup and recovery processes. Project management methodologies. Principles and practices of systems and procedures analysis and design. English composition and business writing and vocabulary standards; methods and techniques for report preparation and writing; methods and techniques for record keeping; modern office practices and procedures.
Problem-solving, analytical and troubleshooting capabilities; ability to learn new skills quickly with minimal guidance; ability to meet project schedules and milestones; ability to work in a team environment with aggressive deadlines and multiple priorities while remaining a team player; facilitation and presentation skills; strong verbal, written and interpersonal communication skills; ability to listen, learn, speak up, and mentor; attention to detail; skill in working with different groups and diverse projects as a partner; skill in performing privacy and/or security reviews, including regulatory and industry assessments, risk analyses, information inventory and data mapping, vendor security assessments, and other privacy or cybersecurity compliance projects.
Major Duties & Responsibilities
- Design, develop, implement, and/or integrate SMUD's security architecture, systems, or system components for use within IT and OT environments. Ensure that the architecture and design of SMUD's cloud-based IT and OT systems are functional and secure.
- Provide network and systems security engineering, design engineering, security tests and evaluations, and risk assessments for OT and enterprise-level IT systems, including risk management, vulnerability assessments, security assessments, strategy and project development, network architecture designs, and monitoring solutions.
- Enhance the enterprise cybersecurity program by developing technical security requirements and technical security control implementation guidance for IT/OT network infrastructure, including hardware, software, and services.
- Apply technical experience and knowledge of routing, switching, MPLS, SONET/SDH, Frame Relay, telecommunications, wireless (microwave and LTE) and radio technologies. Maintain deep technical knowledge of RTUs, Distribution Automation Network and Field Area Network devices (900 MHz and LTE technologies), Energy Management Systems, Power Systems Operations and Distribution Operation Systems.
- Maintain skills in implementing and/or operating security and networking technologies: application security scanners, endpoint protection, remote access, network protection, data loss prevention, file integrity monitoring, security auditing and logging, vulnerability management, and virtual private networking technologies such as IPsec, SSL/TLS, SSH, and site-to-site and network-to-network VPNs.
- Advise on the design and innovative integration of cybersecurity toolsets to automate discovery, remediation, and alerting of network and device vulnerabilities, improving the security posture; this includes security solutions used in SCADA/control system environments, applying working knowledge of ICCP, DNP3, Modbus and other common utility protocols such as IEC 60870-5 and IEC 61850.
- Maintain advanced technical knowledge of TCP/IP, DNS, SMTP, HTTP, FTP, SNMP, Active Directory, LDAP, Ethernet, wireless LAN, and other WAN/LAN protocols.
- Apply advanced knowledge of and functional experience with IDS/IPS, WAF, ADC, firewall and VPN technologies across a wide range of complex architectures, platforms and media.
- Review and/or monitor network and system activity and analyze evidence of suspicious behavior to identify and report events that occur, or might occur, within the network, in order to protect information, information systems, and networks from threats.
- Maintain expert knowledge of common IaaS offerings from AWS, Azure, and GCP.
- Conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations, enterprise or local policy, assess the level of risk, and develop and/or recommend appropriate mitigation countermeasures in operational and nonoperational situations.
- Perform and coordinate technical security assessment activities (e.g., technical security control testing, penetration testing and vulnerability assessments, policy validation tasks).
- Create, run, and maintain the cloud (AWS, Google Cloud, and Azure) network and security stack.
- Monitor, analyze, detect, and respond to cyber events and incidents within information systems and networks in support of incident response and Security Operations Center (SOC) mission.
- Perform real-time cyber defense incident handling tasks (e.g., forensic collection, intrusion correlation and tracking, threat analysis, and direct system remediation) as part of the Computer Security Incident Response Team (CSIRT).
- Assist in gathering and preservation of evidence used in the prosecution of computer crimes.
- Ensure system and network recovery processes are monitored and that security features and procedures are properly restored.