Responsible for exhibiting Chesapeake Utilities Corporation's Mission, Vision and Values, regarding external customers, agencies, vendors, internal departments and co-workers. This position will be responsible for protecting the corporation's critical information and assets by ethically integrating cybersecurity risk management best practices throughout the enterprise. This position will be responsible for detection and analysis of opportunistic and persistent threats, deploying counter measures and conducting risk and vulnerability assessments across the enterprise. As a specialist on the Cyber security team, you will participate in detection and response of cyber incidents, assist in recovery of operations and assist in formulating, updating, and communicating short- and long-term organizational cybersecurity strategies and policies. In addition, you will provide technical support to others on adjacent technical teams and the greater organization. The ideal candidate will have a thorough understanding of the relevant incident response steps, as well as knowledge of various security architectures and frameworks (Zero Trust, SABSA).
Primary duties and responsibilities include:
- Monitor and analyze security intel generated by company security controls. Develop TTPs and lead triage, containment and eradication.
- Participate in threat hunting activities and "deep dive" analysis to maintain a high degree of awareness on the current threat landscape
- Provide effective incident response, by correlating intelligence from IPS systems, endpoints and third parties.
- Administer security awareness training and enterprise vulnerability management solutions, as required.
- Administer and maintain leading enterprise commercial endpoint and network based security solutions
- Develop and produce reports on all activities and incidents to help maintain day to day status,
- Develop and report on trends, and provide focus and situational awareness on all issues.
- Maintain documentation for all systems and create user guides and standard operating procedures.
- Adhere to enterprise change management procedures and corporate security policies.
- Responsible for tuning and filtering of events and information, creating custom views and content using all available tools following an approved methodology and with approval and concurrence from management.
- Maintain system baselines and configuration management items, including security event monitoring "policies" in a manner determined and agreed to by management.
- Ensure changes are made using an approval process agreed to in advance.
- Produce reports identifying significant or suspicious security events to appropriate parties. Include latest security threat information and tie back to specific intrusion sets of nation state actors when possible.
- Maintain knowledge of the current security threat level by monitoring related Internet postings, Intelligence reports, and other related documents as necessary.
- Maintain proficiency and skills through relevant training, conventions, conferences, and on-the-job training.
- Interface to third party vendors as necessary for external audits.
- Manage investigations involving Cyber Security, including the use of specialized software.
- Create system performance metrics and trending for capacity planning
- Meet availability and update requirements
- Ability to travel 20%
Requires a total commitment to Chesapeake Utilities Corporation's Mission, Vision and Values and:
- Bachelor's Degree in computer engineering, computer science, or other closely related IT discipline OR 5 years of relevant work experience.
- Must hold one of the following certifications: Security+, CEH, GSEC or CISSP
- 3 years specialized experience providing technical and end-user assistance on computer hardware and application software support.
- 2 years of progressively responsible experience in cyber security analysis, incident response, or related experience.
- Working knowledge of integrating OWASP, SANS Top 20 and Lockheed Martin's Cyber Kill Chain into corporate security programs
- Experience administering enterprise vulnerability management and security awareness solutions
- Experience administering multi-factor authentication systems
- Experience managing enterprise security appliances and/or security monitoring software (IPSs, firewalls etc.)
- Experience with enterprise change management and test procedures.
- Demonstrated experience dealing with customers and organizational skills are required.
- Demonstrated strength in providing strong customer service support.
- Strong analytical and problem solving skills.
- Good interpersonal, organizational, written and verbal communication skills.
- Experience working in a highly regulated environment.
- Maintain composure and professional approach when dealing with employees and vendors.
- Ability to interpret a variety of instructions furnished in written, oral, diagram or schedule form.
- Ability to make decisions logically.
- Capable of focusing on details with regards to procedures and workflow.
- Ability to lift up to 40 pounds.
Qualifications
Education
Required
High School or better.
Experience
Required
3-5 years: Three to Five Years
Chesapeake Utilities Corporation
909 Silver Lake Boulevard
Dover
Delaware United States
www.chpk.com
