CYBER SECURITY ENGINEER
Company: Duck River Electric Membership Corporation
Location: Virginia Beach
Posted on: November 6, 2024
Job Description:
Summary
All potential applicants are encouraged to scroll through and read
the complete job description before applying.
To foster a cyber safety culture across the Cooperative by engaging
Management and regularly communicating with employees through
training and interactions. To bolster the Cooperative's security
posture through monitoring and protecting the Cooperative's
network(s), computers systems, and data from security issues,
install/maintain security software, establish baseline
configurations, document any security issues or incidents found and
implement best practices. The Cyber Security Engineer will serve as
a subject matter expert and is expected to stay up to date on the
latest intelligence, including hackers' methodologies. To perform
assigned functions according to standardized policies and
procedures. Reporting
- Reports to: Director of Security and Enterprise
Infrastructure
- Directs: None Responsibilities
- Collaborate with stakeholders to define, develop, implement,
and maintain the company's security framework (policies, standards,
guidelines, and procedures) based on the needs and requirements of
each department.
- Conduct research and provide recommendations on solutions,
designs, or architecture to harden the Cooperative's current
posture.
- Develop, document, and verify security baseline configurations
on Cooperative-owned assets.
- Perform audits to validate adherence and implement new controls
of the CIS framework.
- Evaluate environment to design, implement, enhance and manage a
zero-trust network.
- Create a culture of security awareness by leading and enhancing
cyber safety training.
- Manage and maintain the phishing campaigns conducted by the
Cooperative and provide relevant refresher training.
- Maintain and manage the Security Information and Event
Monitoring solution to monitor server logs, firewall logs, and
network traffic for unusual or suspicious activity.
- Conduct threat hunting on any anomalous behavior (blue/purple
team activity) and lead remediation efforts.
- Administrate and maintain the antivirus/endpoint detection and
response solution.
- Monitor the IPS/IDS for anomalous traffic patterns.
- Perform risk assessments and testing of enterprise technology
infrastructure.
- Perform vulnerability scanning and provide recommendations to
mitigate discovered vulnerabilities.
- Analyze Cooperative business requirements and provide objective
advice on the use of enterprise security solutions.
- Define events vs alerts vs incidents for the organization and
create incident classification, severity, and priority tables in
line with all threats, risks, and vulnerabilities.
- Facilitate penetration testing and follow through with all
mitigating actions.
- Manage and maintain physical access within the access control
system.
- Implement security improvements by assessing current situations
and evaluating trends.
- Create, maintain, and disseminate system documentation and
Standard Operating Procedures for network and other duties.
- Work with all Cooperative employees to realize enterprise
approach to security.
- Encourage cyber security awareness and implementation of best
practices by third parties accessing enterprise infrastructure to
minimize risk to the Cooperative.
- Understand the latest hacker techniques and propose appropriate
countermeasures.
- Assist in special projects, as necessary.
- Promote cyber safety culture by partnering with Management
staff to further the Cooperative Strategic Plan.
- Must be accountable to supervisor and the management of the
Cooperative for the efficient performance of job responsibilities.
Though some of the authorities may be delegated or assigned to
another person, the accountability cannot be. Education and
Experience
- Bachelor's degree in Cybersecurity, Information Technology, or
other related IT field, or 10 years related experience and/or
training or equivalent.
- Certified Ethical Hacker certification is preferred.
- Previous working experience with a Security Information and
Event Monitoring solution and reviewing Windows logs.
- Familiarity with NERC-CIP standards is preferred. Required
Skills and Abilities
- Must be able to maintain professionalism and control under all
circumstances.
- Has and maintains a valid driver's license and acceptable
driving record and is able to operate SVEC vehicles.
- Must become and remain certified in CPR and first aid. Must
also be skilled in the use of all safety equipment.
- Proficient in Microsoft Office products including Excel and
Word.
- Strong verbal, written, analytical and interpersonal
skills.
- Ability to dissect and resolve complex problems quickly and
systematically.
- Organized, keen attention to detail, and efficient.
- Ability to conduct research into IT security issues and
products as required.
- Analytical/logical thinking ability.
- Ability to assemble facts in a clear, understandable
manner.
- Team-oriented and skilled in working within a collaborative
environment.
- Maintain high level of confidentiality with regards to
associate, member-owner, and corporate information.
- Possess effective techniques to research and access all sources
necessary to fulfill position responsibilities.
- Must have access to reliable transportation to and from work.
Physical Requirements
- Participation in SVEC job safety and training programs,
relevant workshops, seminars and other SVEC sponsored courses and
events.
- Must be able to use office equipment including telephone,
computer, and other systems and related software in the performance
of position responsibilities.
- Must be able and available, during all types of weather
conditions, to work weekends, holidays, evenings, and other times
outside normal duty hours to assist in service restoration and
other emergencies that may arise or when the workload demands.
- Must always maintain an operating telephone or personal
communication device at his/her place of residence. Ability to
contact the telephone or personal communication device must be made
available to SVEC for the purpose of contacting the manager to
conduct legitimate routine and/or emergency business.
- This position is primarily inside work. Must be able to work up
to eight hours per day at a computer.
- This position involves primarily inside work. Must be able to
lift objects unassisted (up to 30 pounds). Some standing, walking,
climbing, balancing, stooping, kneeling, crouching, or crawling to
a minimal degree. The above statements are intended to describe the
general nature and level of work being performed by people assigned
to this classification. They are not intended to be constructed as
an exhaustive list of all responsibilities, duties, and skills
required of personnel so classified.
#J-18808-Ljbffr
Keywords: Duck River Electric Membership Corporation, Chesapeake , CYBER SECURITY ENGINEER, Engineering , Virginia Beach, Virginia
Didn't find what you're looking for? Search again!
Loading more jobs...