Previous Job
Security Engineer
Ref No.: 18-08312
Location: Columbus, Ohio
The IT Security Analyst helps lead and manage the provision of outsourced security services and application of IT Security policies and procedures for all business units and control networks. This role works closely with the Director of IT Security and Manager IT Security to ensure that Security Services are provided within the scope of the Service contract as reflected by service levels, the statement of work and pertinent schedules/exhibits. This role also works closely with the Service Provider Delivery management team to track and monitor the overall progress of IT Security Operations processes and small- to medium-sized Security Services projects.

Key outcomes for success include:
Supporting IT Security Operations processes to ensure effectiveness and efficiencies
Assist and support the ongoing assessment and improvement of the Security posture
Essential Responsibilities:
Under the direction of the Director of IT Security or the Manager IT Security, performs routine assignments in the IT Analyst job band
Respond and participate in management of investigations related to security breaches, incidents and outbreaks in alignment with IT Management and Security Service provider
Participate in coordination of efforts of the Cyber Emergency Response Team (CERT)
Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
Work closely with other IT Departments, business partners, project managers, and Service Providers to perform and/or support operations processes.
Help drive resolution of security operational and service-based issues, reviewing, analyzing and reporting on Service Provider operations, as directed by the Manager IT Security Operations
Resolve or escalate issues related to security operations in a timely manner
Work with of legal hold/preservation order system & coordinate with in-house counsel to collect electronic data for internal review as appropriate
Work closely with the IT Support Services to resolve Service Provider related issues and to help ensure accurate reporting related to Service Provider performance
Work closely with project managers and Service Provider personnel to help track and monitor projects that meet business needs and adhere to agreed-upon service levels (e.g., budget, schedule, quality)
Create and revise policies and procedures to ensure operating efficiency and regulatory compliance.
Facilitate audits of processes related to Security Services.
Assist in ensuring the Service Providers are adhering to defined policies, procedures and standards.
Confirm that Security Services supporting and procedures documentation is available and kept up-to-date
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
Maintain a solid understanding of the Service Providers security operations and service delivery capabilities and processes
Interact with Service Provider team members, helping to ensure they are properly qualified and staffed appropriately to meet business needs
Maintain a solid understanding of the scope of the Service contracts as reflected by service levels, statement of work and pertinent schedules/exhibits
Other duties as assigned.

Bachelors Degree or equivalent work experience that provides knowledge and exposure to fundamental theories, principles, and concepts of IT Security
2-3 years of experience in security services or security analysis, deployment and support
Working knowledge of LAN, WAN and VPN technologies
Understanding of OSI model and the role security plays within the stack
Broad understanding of IT Risks and Controls and ability to apply risk and control concepts.
Basic knowledge of the NIST Cybersecurity Framework.
Strong grasp of data privacy, protection, risks and controls.
Experience working closely with service providers, as directed by Management
Knowledge of IT security tools and components, trends and best practices
A strong understanding of the business impact of security tools, technologies and policies.
Solid skills with computer operating systems (Microsoft Windows, Unix, Macintosh and Mainframe) and software (MS Office Suite, MS Project, and other IT applications) and ability to learn new technical concepts quickly
Excellent analytical abilities, including process analysis and development, problem solving and root cause analysis
Strong teaming skills, collaboration, negotiation, communication, organizational, people management and conflict resolution skills
Ability to work in a confidential environment
Willing to travel to business unit or Service Provider locations, as needed
Willingness to be on call or respond to security situations as required by Management

Preferred for Selection:
Business operations knowledge
Vulnerability scanning experience
Malware analysis and Threat analysis
Performing / managing Penetration Testing
General working knowledge of the gas and electric utility industry
Involvement with and comprehensive knowledge of networking fundamentals (routing, firewalls, load balancing, etc.) and network traffic analysis
Experience in viewing and interpreting Windows event log analysis as well as overall security log management
Knowledge of ITIL processes and metrics
Familiarity with applicable legal and regulatory requirements, including, but not limited to, the Sarbanes-Oxley Act, FERC, NERC/CIP.
Working experience with ITIL processes and metrics (ITIL V3 certification a plus)
Demonstrated skills in penetration testing, intrusion detection systems, firewall deployment and management, vulnerability assessments, incident response and/or patch management required
Understands and applies Project Management Fundamentals
Proven track record in managing project (s)
Can work independently in the assigned functional domain

Subject matter expert in one or more of the following in an Enterprise Environment:
Operating systems Windows, Unix, Linux, etc.
Virtualization or Container technologies, VMware, Hyper-V, Citrix, VDI, Docker, etc.
Patch management tools and systems.
Networking including routers, switches, and firewalls
Endpoint Protection
Active Directory, Network Access Control, IDS/IPS, HIDS, SIEM, MDM/EMM, etc.
Demonstrated experience in leading multiple process improvement initiatives
Experience Developing a security program and delivering security projects that address identified risks and business security requirements.

Possess and maintain at least one of the following certifications:
GIAC Security Essentials (GSEC)
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Systems Security Certified Practitioner (SSCP)
EC-Council Certified Security Analyst (ESCA)
CompTIA Security+ (Security+)
Cisco Certified Network Associate - Security (CCNA-S)

Stephanie Fish
(732) 945-8676