Cyber Security Analyst

RESPONSIBILITIES:

- Responsible for planning, designing, and implementing a process for cyber security monitoring, incident detection, and incident response.
- Provides cyber and information security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks.
- Develops security requirements, conducts security risk assessments, designs security solutions, evaluates application and system architectures, and develops and reviews policies and standards.
- Provides cyber and information security risk consulting to business units, information technology (IT) organizations, and support and operational functions.
- Leads and manages the cyber and information security aspects of Smart Grid initiatives and projects to assist in mitigating security risks for operational applications and systems across the Smart Grid.
- Serves as a senior technical staff member who provides technical cyber and information security expertise and guidance to team members and collaborates with other Smart Grid teams to address and resolve security issues.
- Serves as a lead cyber and information security consultant to the Smart Grid project team by conducting security risk assessments and providing guidance on securing information systems, applications, and networks for Smart Grid deployment.
- Provides technical guidance and expertise in the areas of secure application development, security risk management and assessment, security policies and standards, security architectures and implementations, and effective security risk assessment practices.
- Performs application and technology design reviews, security risk assessments, requirements analysis, security testing oversight, risk remediation planning, and security project management.
- Develops, reviews, and implements security risk management policies, standards, and practices.
- Provides subject matter expertise in the development and implementation of information security strategies, governance, and plans for the Smart Grid information security program.
- Defines security and policy compliance requirements in supporting the acquisition and deployment of security software, systems, and services.

SKILLS

8+ years of experience, Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline. Minimum 8 years of cyber and information security experience. Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks. Experience and proven capabilities in application risk assessment, application security architecture development, web application security, and application security testing. Experience in security risk assessment, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems. Extensive experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems. Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards. Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DFS, and HIPAA. Solid understanding and experience with security development life cycle (SDL) processes for internally developed applications, including the web based and Internet facing components. Knowledge and experience in application security standards, methodologies, and technologies. Solid capability to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures. Solid knowledge and experience with IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, and web server configurations. Experience in assessing, configuring, and testing security applications and systems, such as Cisco Firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security. Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff. Prior vendor and security assessment testing management experience. Proven analytical and problem solving skills. Strong written and verbal communications skills. Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or other equivalent security certifications preferred. Prior Smart Grid or Advanced Metering Infrastructure (AMI) experience is HIGHLY desirable.

Synectics is an Equal Opportunity Employer.