IT Security Engineer
Avangrid

Job Summary

AVANGRID IT is seeking a Cyber security engineer focused on Infrastructure security within the Infrastructure, Operations and Communication team (IOC).

The candidate will serve as a Cyber Security infrastructure specialist focused on Security Tools, Monitoring and Data Protection. This role is a key team member, supporting our organization infrastructure security. The ideal candidate should have experience supporting a broad-range of programs with increasing responsibility in overall information assurance and cyber security support; inclusive of security configuration and management services, both on-prem and cloud, data protection, anti-virus, malware detection and protection, host-based and endpoint security solutions, and audit and accountability services.

Responsibilities

• Infrastructure hardening management. Ensure each component of our infrastructure is assessed from a security standpoint and correctly protected. Define techniques and tools to reduce the company security risk. Infrastructure includes both on-prem and cloud technologies, computing, network engineering and security devices, storage, databases, identity and access management solutions, and connection with 3rd party stakeholders.
• Security tools management. Own and admin infrastructure common tools used by all technological towers. Enable continuous and dynamic review on tools deployment and alarms definition to allow Avangrid to consistently enforce its security policies across our entire Infrastructure ecosystem. Define the right security alarms and thresholds based on current and forecasted risks. Coordination of security alarms definition with other stakeholders, including but not limited to Corporate Security, Security Incident response center (CSIRT).
• Interface with CSIRT. Main point of contact between IT and the Avangrid Computer Security Incident Response Team (CSIRT). Make sure all infrastructure components provide the right information and are correctly integrated, so the CSIRT team is able to handle infrastructure security incidents, including identification and notification. Act as liaison to coordinate security events with the infrastructure team.
• Data Protection Management. Define and own data protection technical tools to ensure company data is protected. This includes the practice of ensuring that data is protected from unauthorized access, corruption; monitoring of data acquisition, storage, secure backup strategies, to mitigate loss preventions; define governing policies about data security management including not only internal but also data exchanged with external applications of services.
• IT Operations Securization responsible to define security processes and procedures for all areas of IT operations. Special focus on Access Control. Manage systems to ensure secure and controlled access to infrastructure assets, providing the essential services of authorization, identification& authentication, access approval, and accountability.
Main point of contact for Avangrid Renewables IOC for all items related to the area, including but not limited to incident management, NERC CIP Compliance assurance, service delivery, specialized technical management, service escalations, budget management and operational excellence.
• Define security measures designed to protect cloud-based and on-premises infrastructure, and data. Ensure all policies are correctly addressed in an hybrid multicloud environment, including all the security aspects mentioned before. Data Security, Identity and Access Management, Data protection, Governance, Threat prevention, detection and mitigation. Identify security, governance, and compliance requirements. Define security profile and risk management model.
• Coordinate security tests and ensure effectiveness including but not limited Security Scanning, Penetration Testing Security, Audit/ Review, Ethical Hacking, Risk Assessment, Posture Assessment, Authentication
• Coordinate and work closely with Global organization to define security tools, alarms definition, common practices, alignment with Security programs, provide integrated analytics to monitor security, improve incident response and mitigate risks

contd.

• Define and manage day-to-day activities, projects, and overview operations to ensure security service delivery.
• Interface, report and work with high management company stakeholders to report on the security service status
• Define, lead and ensure the infrastructure team meets security objectives. Some of the tasks included here are establish information and recommendations to achieve strategic security plans; prepare and complete action plans; lead incident and problem management processes; define and map key IT KPIs with business performance; determine and lead system improvements;
• Define frameworks for processes and procedures in accordance with company global standards and best practices to ensure consistency in projects execution.
• Strategically review technical and business process to drive security continual improvement (service effectiveness and efficiency)
• Lead quality assurance policies and procedures for the managed area, adhering to the requirements of standards as the North American Electric Reliability Corporation - Critical Infrastructure Protection ("NERC CIP") or those of the US Federal Agency, National Institue of Standards and Technology ("NIST")
• Ensure the local enterprise has the capability to support infrastructure requirements in order to maintain high levels of service.
• Champion best practices in a high-volume, dynamic environment. Ensure the enterprise has the capability to support new technology and maintain high levels of service. Create a sustainable IT environment to facilitate growth while maintaining required regulatory compliance, e.g. NERC CIP, SOX, others.

Skills and Requirements

Required Qualifications
• Bachelor's Degree in Computer Science/Security systems or the equivalent combination of education and experience.
• In possession or on the process to achieve a Security certifications such as: CompTIA Security+ . GIAC Security Essentials Certification (GSEC), Systems Security Certified Practitioner (SSCP), CompTIA Advance Security Practitioner (CASP+).
• Two (2) years of technically infrastructure cyber security relevant experience
• Five (5) Years in strategic project execution, strategic planning, risk management, and change management while engaging and influencing various stakeholders at all levels across the company.
• Technical knowledge managing security tools such as Cyber Ark, QRadar, Guardium. Experience integrating security events with tools to ensure optimized monitoring and alarming
• Strong history of managing complex efforts with demanding customers.
• Working knowledge of the regulatory environment for utility companies including NERC CIP and SOX.
• Strong technical background and understanding of infrastructure technologies including server, storage, backup, database, SAP, hyperconvergence solutions, cloud technologies, network engineering, and network security.
• Strong commitment to personnel safety and IT security.
• Working times could vary and might include starting early in order to meet with team members across the US or Europe.
• Travel within the US and to Europe could be required from time to time.

Additional Success Factors
• Self-starter with demonstrated performance leading initiatives and building consensus at all levels of a matrixed global organization.
• Ability to foster and participate in a productive team environment by establishing and maintaining effective working relationships with co-workers, managers, customers, contractors, and vendors.
#LI-DG1

Competencies

• Be a role model
• Be agile
• Collaborate and Share
• Develop Self & Others
• Empower to grow
• Focus to achieve results
• Technical Skills

Mobility Information

Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country

Avangrid employees may be assigned a system emergency role and in the event of a system emergency, may be required to work outside of their regular schedule/job duties. This is applicable to employees that will work in Connecticut, Maine, Massachusetts, and New York within AVANGRD Network and Corporate functions. This does not include those that will work for Avangrid Renewables

.buttontext7b2494b0614a79a7 a{ border: 1px solid transparent; } .buttontext7b2494b0614a79a7 a:focus{ border: 1px dashed #427135 !important; outline: none !important; }

AVANGRID's employment practices and policies are geared to hiring a diverse workforce and sustaining an inclusive culture. At AVANGRID we provide fair and equal employment and advancement opportunities for all employees and candidates regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status, disability, protected veteran status or any other status protected by federal, state, or local law. Learn more about equal employment by following this link

If you are an individual with a disability or a disabled veteran who is unable to use our online tool to search for or to apply for jobs, you may request a reasonable accommodation by contacting our Human Resources department at 203-499-2777 or careers@avangrid.com

This job has expired.