IT Security Analyst
Puget Sound Energy
Bellevue, WA US
Job Summary & Responsibilities
Puget Sound Energy’s IT Security and Risk department is looking for an IT Security Analyst to join our team. This position will be filled as an advisor security analyst, senior security analyst or security analyst depending on the qualifications of the selected candidate.
This role will develop, deliver, maintain or monitor IT security policies, standards, and best practices. There will be opportunities to implement, integrate, maintain, report or monitor security and compliance risk management procedures to reduce financial loss and critical business services. The ideal candidate will also perform security, vulnerability and threat assessments and security incident management. The candidate will oversee the compliance requirements, audit services and be an integral part of proper implementation of our disaster recovery procedures in alignment with enterprise business
continuity, development and testing. Diligently upholds the safety compliance standards inherent in PSE’s operating and/or field procedures related to work responsibilities.
This is an excellent opportunity to play an integral role within PSE to help us better serve the environment, our customers and the communities in which they live. PSE provides an environment where all employees are valued, respected and provided
with the opportunity to achieve maximum performance. We offer a comprehensive pay package that includes competitive compensation, annual goals-based incentive bonuses, comprehensive cafeteria-style benefits, 401(K), a company paid retirement pension plan and an employee assistance and wellness program. Gain the energy to do great things through a career with Puget Sound Energy!
- Acts as a leading member of the IT Security Incident Response team with working knowledge of Forensic Investigation methods and evidence preservation.
- Acts as a leading member of the Threat Management program in support of SIEM development.
- Develops and maintains effective Information Security program plans, processes, and procedures necessary to drive increased maturity across organization.
- Plans and implements security and integrity controls over client-server based applications.
- Researches, evaluates, designs, tests, recommends, and plans implementation of new or improved information security software or devices.
- Analyzes new/enhanced software application or tool implementations for implications to existing security software and devices.
- Possesses and applies broad knowledge of security, risk, and compliance principles, practices and procedures in at least one process area.
- Drafts new or updates existing process, procedures and policies as necessary and updates or creates documentation based on work performed.
- Defines, implements, and enforces security and compliance controls.
- Facilitates the development and implementation of security systems.
- Applies knowledge in a primary Team and general knowledge in multiple relevant Teams to create solutions for complex business situations.
- Provides technical expertise and guides the administration of security tools to ensure controls are in place.
- Analyzes application security needs based on the sensitivity or proprietary nature of the data, and ensures systems are utilized for management-approved purposes only
- Demonstrates success working in a team, with the ability to communicate and collaborate with business partners and peer-level professionals.
- Confers with team members on security or compliance matters.
- Mentors and coaches team members and other IT peers to support cross-training and knowledge sharing.
- Resolves complex problems, often collaborating with other experts to do so.
- Defines project scope, objectives, and requirements to support aligned work efforts.
- Works with IT professionals and managers across multiple segments.
- Responds to unfamiliar, undefined, unexpected, or unstable situations with the professionally prescribed standard response.
- Operates under limited direction.
- Performs other duties as assigned.
ADVISOR LEVEL MINIMUM QUALIFICATIONS:
- Bachelor’s degree and 8 years of experience or combination of specialized training/experience and 8 years of directly relevant experience.
- Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized technical expert and to lead teams
- Knowledge of security frameworks such as: ISO 27001, NIST 800-53, COBIT and COSO
- Experience with implementation and management of compliance requirements such as NERC and SOX
- Understanding and experience with other security products and techniques such as token-based dialup authentication, modem callback and password management is desirable
- Ability to effectively adapt to and apply rapidly changing technology to business needs
- Strong knowledge and understanding of business needs, with the ability to establish and maintain a high level of customer trust and confidence
- Proven ability to work under stress in emergencies; flexibility to handle pressure coming from all directions at one time
- Strong analytical and problem-solving skills
- Strong customer focus and ability to manage client expectations
- 1+ year experience configuring or managing SIEM systems and solutions
- 1+ year experience configuring or managing an enterprise dependent solution in support of multiple business processes
- Highly desirable are certifications in one or more of the following:
- Certified Information Security Manager (CISM),
- Certified Information Systems Auditor (CISA),
- Certified Information Systems Security Professional (CISSP),
- Certified Network Security Professional (CNSP) or Associate (CNSA),
- Certified Protection Professional (CPP),
- Cisco Certified Security Professional (CCSP),
- CyberSecurity Forensic Analyst,
- EC-Council Certified Security Analyst,
- InfoSys Security Architecture Professional (ISSAP/CISSP),
- InfoSys Security Engineering Professional (ISSEP/CISSP),
- InfoSys Security Engineering Professional (ISSEP/CISSP),
- Internet Computer Security Engineer (ICSE),
- CIW Security Professional (CIW-SP)
- SANS-GIAC certifications family,
- Security Plus, Certified Forensics Investigator