Direct Client: Cyber Security Engineer

DVI Technologies, Inc.
Pittsburgh, PA
25 Jan 2025

Vacancy expired!

Job Title: Cybersecurity Engineer/AnalystDuquesne Light Company, headquartered in downtown Pittsburgh, is a leader in providing electric energy and has been in the forefront of the electric energy market, with a history rooted in technological innovation and superior customer service. Today, the company continues its role as a leader in the transmission and distribution of electric energy, providing a secure supply of reliable power to more than half a million customers in southwestern Pennsylvania.

Purpose:The Cybersecurity Engineer/Analyst will be part of the Corporate Cybersecurity Operations Team. The operations team is responsible for deploying, operating, and managing various cybersecurity tools in support of the overall Corporate Cybersecurity strategy. The team will include both analysts and engineers that are subject matter experts (SME) for these tools. The Cybersecurity Engineer possesses business acumen and can proficiently assess security risk while considering system operational needs and adherence to corporate requirements, anticipating, and articulating potential operational impacts of policy and controls changes. They will utilize various tools and methods to provide support to end users, technology teams, and projects on a regular and ad hoc basis. Responsible for working collaboratively and effectively with associates across the enterprise to conduct cybersecurity activities such as, but not limited to analyzing information security risk and threat data, monitoring and investigating anomalies, developing and promulgating security controls and risk mitigation recommendations, establishing standards, determining information security-related business needs and requirements for potential projects/initiatives and contributing to the system-wide information security training and awareness program.

Job Responsibilities:
  • Work closely and collaborate with the Cybersecurity Incident Response Team (CIRT) and assist with investigations, responses, and remediations in cloud and on premises environments.
  • Manage Cybersecurity infrastructure technology tools such as vulnerability management, email protection, endpoint protection, network security, SIEM and others.
  • Ensure operational functionality and support of Cybersecurity infrastructure technology tools.
  • Deploying and operationalizing new and upgraded Cybersecurity infrastructure technology tools.
  • Develop and document.
    • Cybersecurity processes, procedures, metrics, and reporting.
    • Technical controls for cloud, on-premises, and hybrid environments mapped to company policy and industry standards
  • Provide technical guidance on security policies and standards development.
  • Manage expectations and effectively communicate and collaborate with colleagues and project team members.
  • Develop project plans and design documents.

Supervisory:
  • Will coordinate the workflow of a given team or project.
  • Will support the review of work and training of other team members.

Education/Experience Requirements:
  • BS/BA degree in Computer Science, Information Systems, related discipline, or equivalent experience, or over 5 years’ experience
  • 3+ years of cybersecurity experience
  • 6+ years of IT experience
  • Information Security certifications, at least one of the following.
    • Certified Information Systems Security Professional (CISSP)
    • GIAC Security Essentials (GSEC)
    • CompTIA Security+
  • Extensive knowledge of threats, risk analysis and the development of security systems and protocols
  • Strong analytical skills to define risk, identify potential threats, and develop and document action/mitigation plan
  • Experience managing an array of security tools such as Tenable, Splunk, Crowdstrike, Proofpoint, Zscaler and Imperva
  • Experience in cloud and application security
  • Familiarity with NIST CSF, Attack Framework and NERC
The following skills are essential for a successful candidate
  • Ability to organize multiple priorities and to set and meet multiple personal goals and deadlines
  • Ability to articulate ideas and concepts to both technical and non-technical audiences
  • Excellent verbal and written communication skills
  • Critical thinking
  • Decision making
  • Ability to work independently
  • Creative problem-solving
  • Excellent interpersonal skills
  • Attention to detail
  • Time management
  • Interpersonal skills
  • Willingness to learn

Preferred:
  • Any of the following Information Security certifications.
    • GIAC Defensible Security Architecture (GDSA)
    • GIAC Certified Web Application Defender (GWEB)
    • CompTIA Advanced Security Practitioner (CASP+)
    • Certified Application Security Engineer (CASE)
  • Understanding of secure SDLC and secure SDLC models
  • Knowledge of OWASP Top 10, threat modelling, SAST and DAST
  • Defining, maintaining, and enforcing application security best practices
  • Conducting application security testing for web applications to assess the vulnerabilities
  • Driving development of a holistic application security program
  • Following secure coding standards that are based on industry-accepted best practices such as OWASP Guide, or CERT Secure Coding to address common coding vulnerabilities.
  • Creating a software source code review process that is a part of the development cycles (SDLC, Agile, CI/CD)
  • Engineering design, configuration, implementation, operations, and maintenance of a variety of security technologies used for network security defense.
  • Network security applications, protocols, and associated hardware.
  • Understanding of passive and active TAPS in a network.
  • Understanding of Network Protocols and ability to analysis PCAP traffic.
  • ID: #48811354
  • State: Pennsylvania Pittsburgh 15201 Pittsburgh USA
  • City: Pittsburgh
  • Salary: Depends on Experience
  • Job type: Contract
  • Showed: 2023-01-25
  • Deadline: 2023-03-18
  • Category: Et cetera