- Performs both automated and manual security assessments for applications and other systems.
- Evaluates cybersecurity technologies and provides feasibility assessments.
- Communicates with internal clients to interpret clear system security requirements and test plans, articulate common risk modeling methods and secure architecture patterns, identify security issues and risks, and develop mitigation plans and recommendations.
- Architects, designs, implements, supports, and evaluates security-focused tools and services while acting as the Information Security project lead.
- Interprets information security vulnerabilities, risks, policies, and procedures to Company Business lines and IT teams.
- Performs Security Risk Assessments on large and medium programs and projects.
- Evaluates and recommends new and emerging security products and technologies.
- Participates in projects that develop new intellectual property and ensures security policies, requirements, best practices, etc. are applied.
External Qualifications:
- Bachelor's degree in Computer Science, Engineering, related discipline, or equivalent experience. At least 8 years of relevant experience required.
- Recent demonstrated experience working with industrial control systems (ICS) in some form preferred.
- Knowledge of countermeasures against common attacks on web applications, app servers, databases, the HTTP protocol, SSL, DNS, certificates, credentials, forms, web sessions, cookies, tokens, XML, JavaScript, AJAX, JSON, Flash, SFTP, PKI and symmetric crypto, wireless & wired networks, and related Internet technologies.
- Knowledge of countermeasures against common network-based attacks such as, but not limited to, Denial of Service, Distributed Denial of Service, VLAN hopping, DNS attacks, MiTM, application layer attacks, etc. is highly desired.
- Recent demonstrated experience in Information Security Engineering, Auditing, or Architecture.
- Experience with security frameworks such as NIST 800-53r4, NISTIR 7628, NIST Cybersecurity Framework, CIS Critical Controls.
- Experience with Distributed Control Systems (DCS) is highly desired.
- Information Security Certifications highly desired (CISSP, GSEC, C|EH, CSSLP, OSCP, GISP, etc.)
- Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
- Knowledge of common SSL, hashing, and symmetric encryption, especially in Java and .NET environments.
- Ability to create and review network design and architecture patterns.
- Able to articulate risk modeling and able to communicate technical concepts in simple terms both verbally and in written reports.
- Experience with service-oriented architecture and web services security desired.
- Experience with the application of threat modeling or other risk identification techniques.
- Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits is desired.
- Excellent written and verbal communication as well as teamwork skills are required.
SDG&E is an Affirmative Action and Equal Employment Opportunity employer and considers all applicants for employment without regard to race, color, religion, sex, gender identity, gender expression, sexual orientation, national origin, age, handicap or disability or status as a Vietnam-era or special disabled veteran in accordance with state and federal law.
For more information, click on the following link: http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf
Requisition Number: 17-31123
San Diego Gas & Electric (SDG&E)
8326 Century Park Ct
San Diego
California United States
www.sdge.com