Information Security: Knowledge of security controls, policies, and standards.
Required Qualifications :
- Any industrial control system experience
- Any wastewater or water systems experience or electrical background
- EPA regulation experience for water waste water
- Evaluating and reviewing new and upgrade technologies for security risks
- Performing risk and security assessments for new proposed applications
- Assist in risk and vulnerability mitigations
- Developing, updating and reviewing System Security Plans
- Developing and updating IRPs (business and control systems), playbooks, tabletop exercises and simulation
- Incident response and coordination following Incident Command Structure when appropriate
- Monitoring district assets (e.g., servers, computers, devices, networks, applications) for potential security threats and vulnerabilities
- Working with technical security systems such as SIEM, firewalls, endpoint security, vulnerability management, patch management, PKI, and cloud security management
- Working with security awareness and training platforms to deploy training and phishing simulations. Ensuring timely completion of training and addressing those who are repeat offenders
- Presenting at security workshops (technical and nontechnical) utilizing demos, & videos when appropriate
- Performing security audits, testing, and assessments with tracking identified vulnerabilities to mitigation or risk acceptance in line with the criticality.
- Evaluating risk acceptance requests and providing options for mitigating controls if needed.
- Using administrative tools to configure policies for enterprise security platforms.
- Working with CIS Benchmarks/CIS-CAT to identify standards and those assets that are not meeting standards
- Developing and testing scripts to automate security operations tasks.
- Developing, deploying, and supporting security policies, standards, guidelines, and procedures to ensure ongoing security compliance.
- Experienced in Cloud Security with the major cloud platform providers
- Experienced and proficient in networking, Windows domain administration, PAM, DLP, MFA, SOC applications, SIEM applications
- Proficient in Python, and Power Shell.
- Supporting change management processes.