San Diego Gas & Electric (www.sdge.com)
Provides extensive analytical consulting and implementation expertise for the technology components associated with the Company's infrastructure operations in the specified infrastructure technology area, including support for the development & integration of business solutions.
Provides daily work direction and guidance to team of technical information security professionals.
Ability to provide technical direction and act as a subject matter expert as it relates to cyber security in information technology and industrial control systems
Provides leadership for and performs 3rd level problem resolution.
May require on-call and off-hours availability to support service restoration.
May provide systems support and/or documentation of Information Security related topics.
Responsible for meeting support metrics and for implementing proactive measures to reduce cyber security threats and increase client satisfaction.
Responsible for providing monthly team metrics for upper management.
Performs Information Security R & D activities and establishes solutions/standards.
Assists in providing guidance and support to implement information security framework.
Provides support for systems integration and interoperability reducing cyber security risk.
Prepares studies and evaluations of vendor equipment and software. Recommends standards and guidelines.
Performs consulting services and recommends solutions that reduces or eliminates cyber security risks.
Includes complex business problems requiring in depth review of variable factors.
Provides daily work direction, assists with goals and performance appraisals, and performs other team guidance as required.
May work in conjunction with outsourcing functions.
Provides guidance on solutions, standards and procedures.
Leads and assists with projects.
Maintains relationships with key technology vendors.
Fosters and maintains relationships with clients, colleagues and team.
Gathers requirements and develops strategies and standards in conjunction with other groups as appropriate.
Performs other duties as assigned
Requires a Bachelor's Degree in Computer Science or related discipline, or equivalent work experience and a minimum of 5 to 7 years of Information Security related experience.
General understanding of related infrastructure technologies such as servers, storage & networks highly desirable. Additionally, should have 4-8 years of experience in Information Security with thorough understanding of standard PM processes & methodologies, including relationship management, project budget management, new process implementations, manage 2 large cross-functional projects at once, vendor management, including procurement & contract development (See PM Skills Matrix for additional details).
Experience with security frameworks such as NIST 800-53 r4, CIS Critical Security Controls, and Cyber security Capability Maturity Model highly desired.
Ability to evaluate and recommend new and emerging security products and technologies.
Evangelize information security within Company and be an advocate for customer trust.
Interpret information security vulnerabilities, risks, policies, and procedures to SDGE Business lines and IT teams
Related experience requirements:
At least 8 years of Information Security experience.
At least 6 years of experience assessing application security; including but not limited to web application, web services (XML, SOAP, etc.), thick client applications, and software as a service (SaaS).
At least 4 years of experience in Information Security Engineering, Auditing, or Architecture.
Experience working in the Utility/Gas/Oil/Energy sector is a big plus.
Basic knowledge of distributing computing including UNIX & Windows is required.
Requires strong understanding of the client/server platforms & how they are interrelated to the web.
Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP,
HTTPS, routing protocols)
Knowledge of common SSL/TLS, hashing, symmetric encryption, asymmetric encryption
Ability to create and review network design and architecture patterns
Able to articulate risk modeling and able to communicate technical concepts in simple terms both verbally and in written reports
Experience with service-oriented architecture and web services security desired
Experience with the application of threat modeling or other risk identification techniques
Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits is desired
Requires experience in desktop & client computing device technologies. Must have understanding & working knowledge of current desktop hardware & peripherals, operating system software, & Microsoft Office productivity applications.
Requires thorough knowledge of mobile computing devices & related communications technology.
Requires proficiency in Microsoft OS, Active Directory, SMS, desktop management tools & monitors.
Results oriented, high energy, self-motivated is required
Excellent written and verbal communication skills is required
Excellent leadership skills and teamwork skills is required
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.