9943 Cyber Security Analyst

Job Number: 1121

External Description: Requisition ID: 66808

Job Function/Category: Information Technology

Employment Type: Exempt Full Time

This is an exciting time to be joining PSEG. Our commitments, which include safety, integrity, customer focus, and diversity & inclusion, are the fabric of our culture and help drive the success of our business. We are fortunate to have an outstanding workforce of diverse and highly skilled talent who move us forward in our operational excellence journey. PSEG has more than 12,000 employees who are dedicated to the communities we serve and embody our vision: People providing Safe, Reliable, Economic and Greener Energy.

Job Summary

This is a multi-level positionand placement is dependent upon skills, knowledge and experience, scope and number of products managed by the selected candidate. Please note this is a NERC CIP position and requires NERC CIP background investigation prior to start.

Cyber Security Analyst is a hands-on practitioner and representative of the cybersecurity defense team. The role is technical, and candidates must possess a solid understanding of information security and preferably have held positions in cybersecurity and systems administration. The role also requires an understanding of business and governance process. Responsible for the overall cybersecurity management lifecycle of the IT and OT programs. They must understand applications, operating systems, networking, cloud infrastructure and basic attacker tactics, techniques and procedures (TTPs).

Job Responsibilities

• Provides technical expertise and support to clients, IT management and staff in cybersecurity threat risk assessments, development, testing and the implementation and operation of appropriate information security plans, procedures, and control techniques designed to prevent, minimize or quickly recover from cyber-attacks or other serious events.
• Reviews complex architecture design diagrams and documents for new technologies and changes to existing technologies to determine risks and provide recommendations and mitigations
• Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
• Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
• Follows cyber security news and alerts, understands complex attack vectors and risks, and identifies and evaluates emergent cyber security threats and vulnerabilities. Recommends appropriate corrective actions for information security incidents and provides risk mitigation recommendations to management and team.
• Designs process flows to be implemented in security automation tools to automatically respond to threats quickly
• Provides technical expertise in threat/risk assessments
• Defines, designs, and implements strategies to protect against emerging threats using security tools
• In addition to the below requirements candidates should be proficient with vulnerabilitymgmt.solutions such as Tenable and have an understanding of NIST CSF.

Job Specific Qualifications

• Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering or related discipline with 2 or more years of experience in Information Security or areas required below.Without a bachelor's degree, must have a minimum of 6 years of experience in Information Security or areas required below.
• Proficient with vulnerability mgmtsolutions such as Qualys, Nexpose, Nessus, Kenna Security, Tanium and open source
• Broad knowledge of information systems including Windows and *nix operating systems security, network security, systems development, communication networks, and security software/hardware
• Experience conducting org-wide vulnerability scanning and remediation processes
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle
• Experience with cloud computing; able toimplement strong security to protect cloud first environment
• Experience with key information security technologies such as SIEM, firewalls, intrusion detection/prevention systems, vulnerability assessment, encryption, identity and access control systems, anti-malware, and security event analysis

Desired:

• Experience in Operational Technology (OT) Security is a plus
• Preferably some experience with vulnerability management across Amazon Web Services (AWS), Microsoft Azure, IBM Cloud, or Google Cloud Platform (GCP)
• Experience with cyber investigations and/or threat hunting, or using information security technologies such as antivirus, IDS/IPS, SIEM, endpoint detection & response, DLP, data encryption, proxies, and network access control, as well as security policies and procedures, and incident response

Minimum Years of Experience

2 years of experience

Education

Bachelor

Disclaimer

Certain positions at the Company may require you to have access to Part 810-Controlled Information. Under the law, the Company is limited in who it can share this information with and in certain circumstances it is necessary to obtain specific authorization before the Company can share this information. Accordingly, if the position does require access to this information, you must complete a 10 CFR Part 810 Export Control Compliance Nationality Request Form, a copy of which will be provided to you by Talent Acquisition if an offer is made. If there is a need for specific authorization, due to the time it takes to obtain authorization from the government, we will likely not be able to further proceed with an offer.

As an employee of PSE&G or PSEG Long Island, you should be aware that during storm restoration efforts, you may be required to perform functions outside of your routine duties and on a schedule that may be different from normal operations.

This site ( http://www.pseg.com ) is strictly for candidates who are not currently PSEG employees. PSEG employees must apply for jobs internally through empower which can be accessed through the mypseg homepage by clicking on the employee center tab, then under the empower header, choose careers.

Business needs may cause PSEG to cancel or delay filling position at any time during the selection process.

Certain positions at the Company may require you to have access to Part 810-Controlled Information. Under the law, the Company is limited in who it can share this information with and in certain circumstances it is necessary to obtain specific authorization before the Company can share this information. Accordingly, if the position does require access to this information, you must complete a 10 CFR Part 810 Export Control Compliance Nationality Request Form, a copy of which will be provided to you by Talent Acquisition if an offer is made. If there is a need for specific authorization, due to the time it takes to obtain authorization from the government, we will likely not be able to further proceed with an offer.

Public Service Enterprise Group (PSEG) is an equal opportunity employer, dedicated to a policy of non-discrimination in employment, including the hiring process, based on any legal protected characteristic. Legally protected characteristics included, race, color, religion, national origin, sex, age, marital status, sexual orientation, disability, or veteran status or any other characteristic protected by federal, state, or local law in locations where PSEG employs individuals.

Need to request an accommodation?

If you have a disability and need assistance submitting your resume, applying for a position or registering for a test, please call 973-430-3845. Any information provided regarding a disability will be kept strictly confidential and will not be shared with anyone involved in making a hiring decision.

Nearest Major Market: Long Island
Nearest Secondary Market: New York CIty
Job Segment: Engineer, Information Systems, Computer Science, Cloud, Compliance, Engineering, Technology, Legal

Job Number: 66808

Community / Marketing Title: 9943 Cyber Security Analyst

Location_formattedLocationLong: Bethpage, New York US