The Enterprise Technology Risk Management (ETRM) function is responsible for cyber security across the organization as well as the related implementation of appropriate controls for regulations such as SOX, HIPAA, CA1386 and NERC/CIP.
The function has direct responsibility for establishing cyber security standards, toolsets and processes and then matrixing them to the delivery, operation and maintenance areas across PG&E.
The Threat & Incident Management (T&IM) group is responsible for ensuring that PG&E proactively identifies and assesses threats to its network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.
The group is responsible for the delivery of information security services including threat assessment, security event monitoring/analysis, incident response, vulnerability management and security tool administration in support of PG&E’s enterprise security goals and objectives.
Cyber Threat Specialists use a variety of commercial and custom tools and processes to provide the information security services mentioned above.
Cyber Threat Specialists are experts in the operation of these tools and have the ability to design improvised solutions on the fly when dealing with active threats.
Cyber Threat Specialists produce metrics and statistics that feed complementary processes in PG&E such as risk assessment, patching, anti-virus, firewall management, etc.
Cyber Threat Specialists are very technically skilled and have the ability to work successfully with other technical teams within PG&E’s IT department. Required technical skills include familiarity with scripting languages, comfort working at the command line, SQL experience, familiarity with common operating systems and expertise operating IDS/IPS systems, SIEM systems, vulnerability scanners and other security solutions.
Technical curiosity and fast learning are critical success factors for the right candidate.
Knowledge of security industry terminologies and a desire to understand how security landscapes change over time are valuable qualities in a candidate.
The candidate must possess strong written and verbal communication skills, with the ability to explain complex technology designs to groups and business units outside of information technology.
Experience with operational networks and industrial control systems is highly desired.
• Bachelor's degree in Computer Science or related field, or equivalent work experience
Training, Licenses or Certifications
• Certified Information Systems Security Professional (CISSP) certification or equivalent, or ability to obtain via self-study within one year of hire date
Prior Experience
• 4 years of Information Technology experience, with at least 2 years of experience in information security working with security tools, security operations, security intelligence or equivalent functions
• Utility Industry experience
• Experience with Security Information and Event Management (SIEM) systems, Intrusion Prevention Systems, Forensic Systems, Malware Prevention/Detection systems, etc.
Knowledge, Skills, and Abilities / Technical Competencies
• Technical expertise in systems administration and security tools, combined with the knowledge of security practices and procedures
• Ability to understand and critically analyze technical issues in a heterogeneous environment
• Programming/scripting skills
• Technical knowledge of operating systems (e.g., UNIX, Windows)
• Knowledge of all layers of the OSI stack
• Ability to read and understand network packet capture files
• Ability to effectively use IDS, IPS, and/or other signature matching technology
• Technical expertise in log collection, analysis, correlation, and alerting
• Expertise in security event monitoring / operations security technologies
• Ability to analyze events and determine their severity and the appropriate recommended response
• Advanced understanding of network and systems security, system and network configuration, and application security
• Proven customer facing skills and the ability to effectively communicate at both a high-level and a technical level
• Able to identify complex security exploits, threats, and vulnerabilities
• Strong process orientation and understanding
• Security minded and knows how to handle evidence containing sensitive information
• Good grasp of information security fundamentals, concepts, and strategy
• Excellent written and verbal communications skills
• Demonstrates advanced knowledge of methods, tools, and procedures to prevent system vulnerabilities, and provide or restore security of information systems, databases and network services
• Serves as a point of contact on technological issues and searches for ways to improve existing methodology and apply new technology as it becomes available
• Applies advanced knowledge of developments and new applications of information technology (hardware, software) and information systems to meet organizational requirements
• Develops and maintains strong work relationships, contacts, and networks; demonstrates skill in achieving cooperation from others in order to achieve a goal
Personal Attributes
• Strong sense of professionalism and ethics
• Acts with integrity and communicates honestly and openly
• Ability to build rapport and cooperation among teams and internal stakeholders
• Respects others and demonstrates fair treatment to all
• Methodical and detail oriented
• Self-motivated
• Actively seeks to enhance the group through the sharing of knowledge
• Identify, validate and take action to mitigate network intrusions, malware outbreaks, data breaches and other types of cyber attacks
• Recognizes successful intrusions and compromises through review and analysis of relevant event data; differentiates false positives from true intrusion attempts
• Analyzes and reviews security alerts generated by monitoring processes and tools, looking for trends and root causes, and working with stakeholders to resolve security issues
• Collaborate with Line of Business technical teams for issue resolution and mitigation
• Ensures that security controls are appropriate and operating as intended
• Evaluates security alerts generated by vendors and other industry sources
• Participate in cyber security incident response activities
• Maintain all operations and service levels for security tools and services
• Maintain proactive health check operations including run-book tasks, service monitoring alerts, and comprehensive configuration documentation for specified security tools
• Maintain and enforce standardized, repeatable administrative and operational policies and procedures
• Provide subject matter expertise on security analysis services, tools, processes, and procedures, mentoring junior team members, and improving services
• Ability to code complex tasks that integrate systems or produce reports or provide output that can be leveraged by other team members or systems
• Perform complex administration tasks (e.g. customization, cross-tool integration) for security tools
• Designs and implements improvements to current security services, tools, processes, and procedures