Security Engineer

About RF:

ReliabilityFirst Corporation is a regulator focused on the reliability and security of the electric grid. ReliabilityFirst’s mission is to preserve and enhance the reliability, security, and resilience of the Bulk Power System across 13 states and the District of Columbia. ReliabilityFirst is uniquely positioned to work closely with transmission, generation, and other power companies as well as the federal government to help identify and ensure the mitigation of operational risks and physical and cyber security threats to the electric grid. Read more about ReliabilityFirst at: https://www.rfirst.org/about-us/

Purpose of Your Job Position:

The Security Engineer will play a pivotal role in executing a comprehensive information security program as a member of the Information Technology (IT) team.

This position is responsible for researching, designing, and implementing the physical and cyber security solutions at RF. The Security Engineer’s will provide thought leadership and technical IT security support across the organization to improve the overall security posture of ReliabilityFirst.

This position reports to the Manager, IT Infrastructure and Security and works closely with our Security and Data Analytics teams.

Responsibilities:

Cloud & Physical Security

1. Maintain high-level security posture for both the cloud and physical infrastructure environment by leading and assisting in IT security tasks as assigned.
2. Design and implement security infrastructure solutions and proposes changes/upgrades to firewalls, intrusion detection/prevention endpoint protection, SIEM, data loss prevention, and vulnerability within our organization.
3. Assist with security related processes including, but not limited to, Access Management, Mobile Device compliance, Phishing, and Security Reviews.

Threat Lifecycle Management

1. Understand the technical aspects of projects to identify risks, propose immediate solutions and provide guidance for computer system solutions throughout our organization.
2. Comfortable implementing security controls such as database security, web content filtering, anomaly detection and response, and vulnerability scanning.
3. Help mitigate threats and vulnerabilities identified by internal or external penetration testing and vulnerability assessments. Help prepare assessment reports and resulting mitigation tracking documentation and root cause analyses (RCA).

Communication

1. Contribute to the design and implementation of security processes, procedures, and tools to meet the company’s compliance requirements as define d in approved security frameworks.
2. Clearly convey technical language to other stakeholders often in non-technical terms and create buy-in for technical solutions.

Report & Monitoring

1. Document and report any major security risk that has been identified to IT Manager and/or CSO while being available off-hours to respond to these risks.
2. Monitor and analyze open source and internal data sources to identify trending security issues and alert management to developments, changes and shifts in risk.

Relationship Management

1. Develop, maintain, and evaluate relationships with vendors to ensure they are meeting our standards and are being utilized appropriately.
2. Develop strong working relationships with team members and leaders within ReliabilityFirst to have full grasp of security activities as they relate to the technical needs of each department.
3. Collaborate with NERC (North American Electrical Reliability Corporation), the Electric Reliability Organization (ERO), and the Information Technology Security Group (ITSG) to continuously monitor and assess best IT practices and lead continuous improvement.

Qualifications:

1. Bachelor's and/or Technical degree in Computer Science, Information Systems, Computer or Systems Engineering, or related technical field required
2. At least 5+ years of hands-on IT systems experience including applying security controls

Desirable:

1. ISC(2) CISSP or SANS GCWN/GSEC/GCIH/GPEN certifications
2. Cyber security experience across all security domains
3. Proficiency with at least one scripting language (e.g., Perl, Python and PowerShell)
4. Significant experience with implementing cloud security
5. Experience with multiple security technologies including firewalls, intrusion detection/prevention, endpoint protection, SIEM, data loss prevention, VPN, and vulnerability scanners
6. Experience making strategic decisions derived from threat and risk-based analysis
7. Demonstrated understanding of best practices in cyber/physical security encompassing strategies, policies, principles, procedures, and standards
8. Strong leadership qualities and communication skills
9. Excellent analytical skills and high attention to detail

ReliabilityFirst is an equal opportunity employer and is committed to providing equal opportunities to all employees and applicants in accordance with local and federal laws. ReliabilityFirst's mission is to preserve and enhance bulk power system reliability and security. This mission cannot be accomplished without a diverse and inclusive staff - one that at all levels feels empowered, valued, respected, and engaged. Learn more at: Diversity, Equity, & Inclusion at RF (rfirst.org)