Senior IT Security Specialist

About The Position

Requirements

• Bachelor's Degree (BS) in Information Security, Computer Science, Computer Information Systems, or similar fields.
• At least seven years of experience in progressively responsible information technology and/or IT security positions is required, along with an in-depth understanding of information security best practices, and expertise with related security technologies and tools. This position also requires a broad and deep expertise in different information security technologies, as well as a conceptual knowledge of system development lifecycles, code and application vulnerabilities, and ability to identify solutions to challenging technical problems. Experience with complex IT infrastructure systems is preferred. Experience in the energy sector is desirable.
• Knowledge of various security methodologies and processes, and technical security solutions (firewall, intrusion detection systems, and Security Information and Event Management (SIEM) platforms, Threat Intelligence Platforms, Vulnerability Scanning, Security Orchestration and Response ).
• Experience working with various event logging systems and be proficient with security event log analysis. Previous experience with Security Information and Event Monitoring (SIEM) platforms that perform log collection, analysis, correlation, and alerting is also
• Experience in analyzing net flow data and packet capture (PCAP).
• Demonstrated knowledge and understanding of NERC standards and CIP regulations, with the ability to apply these requirements to securely operate, maintain, and protect our critical environment desired.
• Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, and governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to write presentations and articles for publication that conform to prescribed style and format. Ability to effectively communicate security and risk-related concepts to technical and nontechnical
• Ability to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals. Ability to compute rate, ratio and percent and to draw and interpret bar graphs.
• Ability to define problems, collect data, establish facts and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete
• Proficient with personal computers running the Windows operating system; experience with productivity software such as Microsoft Office applications, e-mail, and Internet

Nice To Haves

• Master’s Degree (MS, MBA) preferred.
• GIAC, CISA, CEH, CFE, CISSP, or similar certification preferred.
• Knowledge of NIST Special Publication 800 Series is preferred.

Responsibilities

• Designs and manages technologies in support of the NYISO’s Security Operations function; responsible for cyber security architecture, design, system integration, installation, upgrades, and patching, monitoring, system integrity, security, disaster recovery, and performance; develops and maintains technology standards and procedures; leads or participates on project teams and collaborates with application developers and infrastructure peers as necessary; performs backup and restoration procedures; leads audit efforts and ensures compliance with corporate and regulatory standards; mentors and trains junior staff; provides expertise in strategic IT planning; establishes and maintains working relationships with IT partners, business customers, and vendors.
• Responsible for all parts of the system lifecycle of managed cyber security platforms. Establishes and documents a comprehensive set of expertise for a wide range of security technologies and processes including, but not limited to: Security Information and Event Management (SIEM); Threat Management Platform, Anti-malware prevention and analysis; vulnerability scanners; penetration testing; computer and network forensics tools and processes; secure application coding and scanning; and cyber security incident
• Architects, designs, and develops security automation to orchestrate security solutions (SOAR) to automate repetitive tasks, and mature monitoring and response
• Applies broad and deep security expertise to investigate activity, trends, and patterns in NYISO systems, ensuring the security, availability, and integrity of the NYISO’s information assets and technical environments, including energy management systems designated as national critical infrastructure. Will serve as a security thought leader in the
• Interacts frequently with peers from across the IT organization to develop solutions that ensure the security of IT infrastructure and business applications. Provides guidance on the configuration of security infrastructure to implement robust security measures & controls through technology solutions.
• Designs IT security architecture, and makes recommendations on infrastructure, including hardware, software, architecture, and systems management.
• Collaborates with the Security Operations team to ensure security technologies are configured properly to monitor, track, and analyze networks/systems for potential security violations while also assisting in all such potential cyber security
• Ensures the delivery of all assigned projects, both by representing Enterprise Security on business projects, as well as serving as the lead on Enterprise Security initiatives within area of specialty. May perform additional project duties such as requirements development, project management, and quality
• Participates as a key member of Cyber Security Incident Response Team by providing subject matter expertise to more junior staff on security concepts and
• Oversees the collection of metrics and key performance indicators that measure Enterprise Security’s effectiveness, as well as the development of reports and dashboards that communicate security readiness to business leaders.

Benefits

• In addition to competitive salaries, we offer a comprehensive benefits package and innovative reward programs.