Tri-State Generation and Transmission Association, Inc.
Posted: 20-Mar-23
Location: Westminster, Colorado
Type: Full Time
Categories:
Information Technology
Internal Number: IRC40386
The Cyber Security Engineer supports the Cyber Security Center by monitoring security tools and assessing threats, security events, and risks involving any of Tri-State's technology infrastructures. This position follows standard operating procedures for detecting, classifying, and reporting incidents under the supervision of the CSC Manager in partnership with other Cyber Security Engineers. A successful candidate will drive security architecture discussions and tool selection, evaluate and recommend security solutions to management, manage security functions, and resolve security issues.
Note: There is one position available, and the position will be filled at one of four job grade levels: Cyber Security Engineer I, job grade NB17; Cyber Security Engineer II, job grade NB19; Cyber Security Engineer III, job grade NB21; and Senior Cyber Security Engineer, job grade NB23. This decision will be based on the qualifications and experience of the candidate selected, and Tri-State business needs at the time of hire.
Tri-State recognizes the value of a highly engaged and committed workforce and provides an excellent benefits program that includes:
Medical Insurance, Dental Insurance, Vision Insurance, Health Savings Account (HSA), Flexible Spending Accounts (FSA), Tuition Reimbursement, Flexible Work Schedules including compressed work week and telecommuting opportunities to work remotely up to 50%, Life Insurance, 401K, Long Term Disability (LTD), Short Term Disability (STD), Employee Assistance Program (EAP) and Paid Leave Benefits.
Senior Cyber Security Engineer
Hiring Salary Range: $107,000-$134,000
Cyber Security Engineer III
Hiring Salary Range: $88,000-$111,000
Cyber Security Engineer II
Hiring Salary Range: $73,000-$91,000
Cyber Security Engineer I
Hiring Salary Range: $60,000-$75,000
Actual compensation offer to candidate may vary outside of the posted hiring salary range based upon work experience, education, and/or skill level.
ESSENTIAL FUNCTIONS AND RESPONSIBILITIES
Provision, maintain, and troubleshoot network security equipment including network firewalls, and network access control software.
Identify gaps in security processes and recommend solutions in the areas of security tools, processes, and procedures.
Provide first responder forensics analysis and investigation.
Drive containment strategy during data loss or breach events.
Triage and resolve advanced vector attacks such as botnets and Advanced Persistent Threats (APTs).
Work directly with data asset owners and business response plan owners during high severity incidents.
Provide and implement tuning recommendations based on findings during investigations or threat information reviews.
Correlate system risk using cross-team collaboration with Incident Response.
Conduct network monitoring and intrusion detection analysis using Security Information and Event Management (SIEM) systems, various computer network defense (CND) tools, such as intrusion detection/prevention systems (IDS/IPS), firewalls, host-based security systems (HBSS), and other similar tools.
Provide tuning and maintenance support for security tools.
Correlate network activity across networks to identify trends of unauthorized use.
Compile detailed investigation and analysis reports for CSC consumption and delivery to management.
Research emerging threats and vulnerabilities to aid in the identification of network incidents.
Provide incident response support, including malware analysis, remote system analysis, end-user interviews, and mitigating actions to contain activity and facilitating forensics analysis when necessary.
Process tickets assigned to the CSC team.
Maintain compliance with all company policies and procedures and attain knowledge and remain knowledgeable of regulations, laws, standards, and best practices applicable to functional area.
Because Tri-State has an obligation to provide continuous, reliable electric service to its customers, the ability to work overtime at any time of the day or week is considered an essential function of the job.
OTHER DUTIES/RESPONSIBILITIES
Perform other related duties as assigned.
SUCCESS FACTORS/JOB COMPETENCIES:
Proven analytical, problem-solving and investigation abilities.
Ability to effectively prioritize and execute tasks in high-pressure situations.
Ability to conduct research into IT/OT security issues and products as required.
Ability to present ideas in line-of-business-friendly and user-friendly language.
Highly self-motivated and directed.
Keen attention to detail.
Team-oriented and skilled in working within a collaborative environment.
Ability to analyze complex technical and business problems, meet objectives and deliverables.
Demonstrates high quality customer-service skills when dealing with internal and external customers, business partners and others.
Demonstrate behavior consistent with company values.
Track record of creative problem solving, and the desire to create and build new processes.
Time management and multitasking skills.
Experience working in fast-paced environments and ability to manage workload even during times of stress or escalated activity.
Willingness to take on impromptu tasks with loosely defined requirements.
REQUIRED JOB QUALIFICATIONS
Education and Training
Bachelor's degree in computer science, information technology, business administration or other related area or equivalent combination of experience and education.
Knowledge, Skills, and Ability:
Strong understanding of Internet Protocol (IP), Transmission Control Protocol (TCP)/IP, and other network administration protocols.
Working technical knowledge of Microsoft server infrastructure and networking, Linux/Unix variant operating systems, and Cisco networking.
Familiarity with governance and controls frameworks, such as Center for Internet Security (CIS) security controls, North American Electric Reliability CIP compliance requirements, and National Institute of Standards and Technology (NIST).
Working knowledge of security architectures and devices.
Working knowledge of threat intelligence consumption and management.
Working knowledge of root causes of malware infections and proactive mitigation.
Working knowledge of lateral movement, footholds, and data exfiltration techniques.
Track record of creative problem solving, and the desire to create and build new processes.
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate option.
Excellent oral and written communications skills.
Ability to maintain effective working relationships.
Experience:
Eight (8) years of IT cyber security related experience with at least one to three years (1 to 3) of security management, analysis and/or tuning support experience.
Experience with security architecture and operational support.
Experience in security technologies (firewall, antivirus, intrusion detection/prevention, security information event monitoring, vulnerability scanning, data loss prevention, encryption, PKI, Identity Access Management, Rights Management Services, etc.).
Experience in designing security/control processes, procedures and formal support documentation.
Experience in incident/forensic response planning and execution.
Experience with auditor coordination and control compliance.
Experience administering or utilizing security information and event management systems.
Experience with active threat hunting and adversary tracking.
Experience with one or more scripting languages (e.g., Python, JavaScript, Scapy).
Experience working in fast-paced environments and ability to manage workload even during times of stress or escalated activity.
Other:
Willingness to travel for investigations, meetings and training as needed. (Must possess a valid driver's license.)
DESIRED JOB QUALIFICATIONS
One or more of the following certifications preferred:
Certified Information Systems Security Professional (CISSP)
Certified Intrusion Analyst (GCIA)
Certified Incident Handler (GCIH)
Reverse Engineering Malware Analyst (CREM)
Global Information Security Certification (GIAC)
Certified Ethical Hacker (CEH)
Certified Information Systems Auditor (CISA)
Project management experience.
Advanced Degree in a related discipline.
Experience in Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS).
Experience in Sarbanes-Oxley (SOX) and North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance.
Experience in multiple technical and business disciplines.
Experience in designing and delivering security awareness training.
Note: The above requirements describe the experience and education qualifications for the Senior Cyber Security Engineer. Those with less experience will be hired at the Cyber Security Engineer I, II or III job grade level, as appropriate.
PHYSICAL AND MENTAL DEMANDS: The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of the position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical demands: While performing the duties of this position, the incumbent is primarily required to sit, stand, walk, stoop, bend and frequently utilize a keyboard/computer. Specific vision abilities include close vision, peripheral vision, depth perception and the ability to adjust focus.
Mental demands: While performing the duties of this position, the incumbent will be required to problem solve, read, write and analyze data, work under schedules and deadline pressure, present information to others, work independently and use discretion and judgment for confidential or sensitive projects/issues.
Work Environment: While performing the duties of this position, the employee is exposed to an office environment indoors, and will occasionally travel outdoors to multiple locations dependent on work.
About Tri-State Generation and Transmission Association, Inc.
Tri-State Generation and Transmission Association is a wholesale electric power supplier owned by the 43 electric cooperatives that it serves. Tri-State generates and transmits electricity to its member systems throughout a 200,000 square-mile service territory across Colorado, Nebraska, New Mexico and Wyoming.
Serving approximately 1.5 million consumers, Tri-State was founded in 1952 by its member systems to provide a reliable, cost-based supply of electricity. Headquartered in Westminster, Colo., about 1,500 people are employed by Tri-State throughout its four-state service area.
Tri-State's power is generated through a combination of owned baseload and peaking power plants that use coal and natural gas as their primary fuels, supplemented by purchased power, federal hydroelectricity allocations and renewable resource technologies. Tri-State delivers power to its members through a transmission system that includes substation facilities, telecommunications sites and over 5000 miles of high voltage transmission lines.