Shire Jobs

Reference #: 18681 Duquesne Light Company, headquartered in downtown Pittsburgh, is a leader in providing electric energy and has been in the forefront of the electric energy market, with a history rooted in technological innovation and superior customer service. Today, the company continues its role as a leader in the transmission and distribution of electric energy, providing a secure supply of reliable power to more than half a million customers in southwestern Pennsylvania.

Duquesne Light Company is committed to creating a culture of inclusion. We value and respect the unique differences and experiences of our employees. We believe that our differences lead to better collaboration, innovation and outcomes. We want you to join our team!

Overall Purpose: DLC is seeking candidates for the role of Information Security Engineer I on the Cybersecurity Operations ("Cyber Ops") team, directly supporting NERC CIP requirements and critical infrastructure security. The Information Security Engineer is responsible for ensuring that Duquesne Light systems and networks are secure.This is done through the deployment of security solutions, executing system and application hardening, vulnerability assessments, and diligent monitoring of networks and systems for signs of infection, compromise, and misconfiguration.Additional responsibilities include ensuring that network and system architectures are designed in a way to minimize risk while allowing for necessary functionality and performing Incident Response activities in the event of a security breach.This group is also accountable for communicating information security risks to management and implementing plans to mitigate or resolve identified risks. This role reports directly to the Manager of Corporate Cybersecurity Operations under the Office of the CISO/Information Security organization.

Location: Hybrid, downtown Pittsburgh, PA

Job Responsibilities: Directs available resources to accomplish process improvement. Work with the IT Department in the maturation and configuration of security controls including but not limited to EDR, SIEM, IT/OT vulnerability management, and network security technologies. Effectively and efficiently manage security event monitoring, tuning, and incident response. Responsible for ongoing security engineering support, maintenance, and availability of security toolsets based on business requirements and adherence to tight operational, security, and procedural models. Extensive knowledge of threats, risk analysis, and the development of security systems and protocols. Develop and help IT implement network security controls. Responsible for ensuring adequate and timely resolutions to all assigned issues relating to security. Ensure optimal configuration standards are met on existing infrastructure. Monitor daily for cybersecurity events on DLC's network. Review endpoints to confirm compliance with endpoint security policies, procedures, and standards. Performs forensic analysis of host-based systems. Stay up to date on changes in threat landscape impacting Duquesne Light Companies information security program. Research, investigate, communicate, and integrate actionable threat intelligence information in DLC Cyber Security Operations and IT systems.

Education/Certification Requirements: Bachelor's degree in Cybersecurity/Computer Forensics or related field In lieu of a bachelor's degree, an equivalent combination of education and experience will be considered. Seven or more (7+)years of relevant work experience.

Preferred Qualifications: Previous utility experience in transmission and distribution operations, or other industries. Experience with the NIST framework and/or other regulatory frameworks governing Cybersecurity Operations. Experience utilizing security products including, Splunk ES, Tenable Nessus, Crowdstrike, and ZScaler. Experience with Systems Administration in server environments including Microsoft Wind ws and Linux Operating Systems. Experience with network security controls in. Information Security certifications including CISSP, CCNA, SANS GIAC. Experience with coding/scripting languages including Python, PowerShell and bash.

Experience/Skills Utilized in this Role Include: Demonstrated understanding of all core cybersecurity topics such as vulnerability management, incident response, endpoint protection and network security. Proficient at technical writing and documenting procedures and processes. Strong interpersonal, communication and organizational skills with the ability to exhibit sound judgment and express verbal and written information effectively. Strong written and verbal communication and presentation skills. Demonstrated ability to interact with people and translate complex concepts into easy-to-follow ideas and present to all levels of the organization. Strong analytical and project management skills. Ability to prioritize efficiently while multi-tasking, dealing with interruptions, and working in a high paced energetic environment. Experience participating in security and regulatory audits, including evidence gathering and analysis

Must possess a positive attitude and strong values that fit with DLC's core values: Energized to shape the future; Bold in thinking and exploration of new possibilities; Collaborative in approaching all challenges; Responsible in commitment to safety, management of assets and finances and interaction with others; Selfless in serving the community, both on the job and through volunteerism.

Scope Primary Focus is on daily deliverables, outputs and reporting. Accountable for managing one's own time and workflow and leads projects and/or large project steps. Work is complex in nature requiring the incumbent to draw on previous knowledge to perform role. Acts independently the majority of the time, requiring guidance in only complex situations. Has well established capabilities, acts as a resource to less experienced staff on moderately complex issues.

Decision Impact Problems and issues faced are vague and require analysis of multiple sources of information for solution. Draws on significant past experience to perform role. Accountable for direct level of reasoning and decision making.

Hybrid Work: Position follows our hybrid work model, with a minimum of two days working in the office and the remaining days working remotely. Reporting location and frequency may be subject to change based on job role and department needs.

Storm Roles: All Non-Union Employees will serve in storm roles as appropriate to their role and skillset. Please be sure to discuss storm roles with the hiring manager for this position, as duties can vary across the Company. Examples of storm roles could include but aren't limited to duties such as: working with operations for service center support or with the communications, customer service, or government affairs teams to respond to public and customer requests for information, etc.

Data Governance: Utilize data to make business decisions as appropriate for the position, support data stewardship activities and partner with IT on underlying data needs.

Disclaimer: The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. EQUAL OPPORTUNITY EMPLOYER