Senior Cybersecurity Engineer

About The Position

Requirements

• One Industry certification required. CISSP, CCSP
• A minimum of 10 years in IT/systems engineering with 5-7 (can be concurrent) years in Cybersecurity disciplines.
• A bachelor's degree in computer science, Information Technology, Information Security, or related discipline may be considered as substitution for experience.
• Advanced understanding of security control environment (access control, logging, authentication, encryption, integrity, etc.);
• Experience coordinating corporate-wide initiatives for obtaining security related assurances.
• Ability to use logic and reasoning to identify the strengths and weaknesses of alternative; solutions, conclusions or approaches to problems.
• Working knowledge of the inner workings of identity and access management principles such as OAuth, OIDC, SAML, and SCIM.
• Experience designing and implementing identity and access control methodologies and policies (i.e. RBAC and ABAC)
• Security Controls Assessment Experience.
• Extensive experience with Information Security solutions including DLP, NAC, SASE, NGFW, EDR, XDR, SIEM, IAM, IDPs
• Understanding of DevSecOps principles and practices.
• Experience leading security projects, collaborating with cross-functional teams, and driving security initiatives.
• Proven experience in incident response activities, including identifying and mitigating security incidents and conducting post-incident analysis.
• Threat Hunting, Vulnerability mgt., SIEM, Cloud Security

Nice To Haves

• CyberArk EPM, Privilege Cloud
• CrowdStrike Falcon
• Identity Providers such as Okta, Entra ID, AWS Identity Center
• AWS Security Hub, AWS Inspector, GuardDuty

Responsibilities

• Work in a self-directed environment and capable of providing consistent results with minimal daily guidance.
• Develop IT security policies and procedures and implement necessary controls and procedures to cost effectively protect information technology assets from intentional or inadvertent modification, disclosure, or destruction.
• Exhibit technical skill in configuring and maintaining cyber security tools.
• Oversee ongoing operations of security assets to ensure that a defense in depth security model is in place.
• Ability to deploy, manage and maintain all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus/endpoint security software.
• Participate in penetration testing of all systems to identify system vulnerabilities.
• Ability to review logs for unusual or suspicious activity, interpret and make recommendations for resolution.
• Recommend, coordinate, and apply fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.
• Collect meaningful metrics and key performance indicators for reporting cyber security threats and trends.
• Focus on customer by providing business value.
• Build partnerships with key contacts in the business line by understanding their business needs, communicating these needs to appropriate IT staff, vendors, and consultants, and developing solutions to those problems.
• Produce communications both oral and written to a variety of audiences.
• Effectively interact on business or technical matters and convey complex and/or critical material in an easy-to-understand style and manner.
• Problem solving.
• Assure timely resolution of operational problems by utilizing effective problem management techniques.
• Display the highest level of critical thinking; making timely and sound decisions; reach decisions under conditions of uncertainty.
• Support internal and external IT and security audits as needed.
• On-call rotation assignment.
• Occasional travel as requested.
• NERC CIP Compliance which Includes maintaining NERC procedures and logs and other required documentation.
• Maintain all NERC CIP defined equipment to ensure they are kept up to date with all the latest cyber security updates
• Identify and investigate potential anomalies and/or non-compliances and escalate to management, as necessary; perform root cause analyses and develop corrective actions to mitigate the potential reoccurrence of near-misses and/or non-compliances.
• Assist in the preparation of self-reports.
• Support and assist in all efforts to prepare, draft, and coordinate materials responsive to regulatory questionnaires, and other Requests for Information.

Benefits

• Benefits include comprehensive health, dental, vision, prescription plans, life insurance, and disability insurance.
• In addition, employees are eligible to participate in Talen Energy’s 401(k) plan.
• Talen Energy also provides competitive vacation and sick time to its employees.