Sr Info Security Analyst I

Duquesne Light Company - Pittsburgh, PA

posted 3 months ago

Full-time - Mid Level
Hybrid - Pittsburgh, PA
Utilities

About the position

Duquesne Light Company, headquartered in downtown Pittsburgh, is a leader in providing electric energy and has been at the forefront of the electric energy market, with a history rooted in technological innovation and superior customer service. Today, the company continues its role as a leader in the transmission and distribution of electric energy, providing a secure supply of reliable power to more than half a million customers in southwestern Pennsylvania. Duquesne Light Company is committed to creating a culture of inclusion, valuing and respecting the unique differences and experiences of its employees. The company believes that these differences lead to better collaboration, innovation, and outcomes, and invites you to join their team. The Sr. Information Security Analyst I will be part of the Cybersecurity Operations (“CyberOps”) team, directly supporting NERC CIP requirements and critical infrastructure security. This role requires a deep understanding of the organization's information security strategy and the ability to contribute to the development, maintenance, and implementation of the overall system-wide information security program necessary for the protection of Duquesne Light. The analyst will need to possess business acumen and the ability to assess security risks while considering system operational needs and adherence to regulatory requirements, directly anticipating and articulating potential operational impacts of policy and controls changes. As a member of the CyberOps team, the Sr. Information Security Analyst will be responsible for conducting cybersecurity activities, including analyzing information security risk and threat data, monitoring and investigating anomalies, developing security controls/solutions, and risk mitigation recommendations. The role also involves executing system and application hardening, conducting vulnerability assessments, determining information security-related business needs for potential projects, and diligently monitoring networks and systems for signs of infection, compromise, and misconfiguration. The position is hybrid, requiring a minimum of two days in the office and the remaining days working remotely, with the location based in downtown Pittsburgh, Pennsylvania.

Responsibilities

  • Investigate, respond, and remediate cyber events in DLC's critical infrastructure network environment.
  • Provide system administration and support of CyberOps systems and applications related to critical infrastructure.
  • Work collaboratively as part of a team, with moderate supervision to provide relevant input and feedback to develop and maintain documentation for all assigned responsibilities.
  • Provide relevant input and feedback on the investigation and proposal of technologies and methodologies that can enhance Duquesne Light's security and/or business continuity posture.
  • Manage expectations and effectively communicate and collaborate with colleagues and project team members.
  • Effectively and efficiently manage security event monitoring, tuning, and incident response.
  • Ensure accurate and timely resolutions to all assigned issues relating to critical infrastructure security.
  • Monitor daily for cybersecurity events on DLC's network, and report findings to the Cybersecurity Operations Supervisor.
  • Review endpoints to confirm compliance with endpoint security policies, procedures, and standards.
  • Perform forensic analysis of host-based systems.
  • Stay up to date on changes in the threat landscape impacting Duquesne's information security program.
  • Research, investigate, communicate, and integrate actionable threat intelligence information in DLC Cyber Security Operations and IT systems.
  • Perform all other duties as assigned.

Requirements

  • Associate's degree in a related discipline such as Cyber Security, Computer Forensics, or Computer Engineering; Bachelor's degree preferred.
  • Four (4+) or more years of relevant Information Security experience.
  • Previous utility experience in transmission and distribution operations, or other industries utilizing SCADA systems.
  • Experience with the NERC CIP compliance framework and/or other regulatory frameworks governing Cybersecurity Operations.
  • Experience participating in security and regulatory audits, including evidence gathering and analysis.
  • Experience utilizing and managing on-premise security products including Configuration Monitoring platforms, SIEM Solutions, Vulnerability Management platforms, and Endpoint Detection and Response tools.
  • Experience with Systems Administration in server environments including Microsoft Windows and Linux Operating Systems.
  • Experience with coding/scripting/database languages including Python, PowerShell, and SQL.
  • Information Security certifications including CISSP, SANS GIAC.

Nice-to-haves

  • Intermediate understanding of cybersecurity topics such as vulnerability management, incident response, endpoint protection and email security.
  • Proficient at technical writing and documenting procedures and processes.
  • Strong interpersonal, communication and organizational skills with the ability to exhibit sound judgment and express verbal and written information effectively.
  • Strong written and verbal communication and presentation skills.
  • Demonstrated ability to interact with people and translate complex concepts into easy-to-follow ideas and present to all levels of the organization.
  • Strong analytical and project management skills.
  • Ability to prioritize efficiently while multi-tasking, dealing with interruptions, and working in a high-paced energetic environment.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service