Senior Security Analyst

About RF:

ReliabilityFirst Corporation is a regulator focused on the reliability and security of the electric grid. ReliabilityFirst’s mission is to preserve and enhance the reliability, security, and resilience of the Bulk Power System across 13 states and the District of Columbia. ReliabilityFirst is uniquely positioned to work closely with transmission, generation, and other power companies as well as the federal government to help identify and ensure the mitigation of operational risks and physical and cyber security threats to the electric grid.

Purpose of Position:

The Senior Security Analyst will play a pivotal role in contributing and administering the comprehensive information security program within the Information Technology (IT) team. This role is responsible for researching, designing, and implementing the physical and cyber security solutions at RF. In coordination with our in-house Security Team, this role will work as the IT liaison for both internal and external stakeholders to ensure that security is factored in the evaluation, selection, installation and configuration process of hardware and software.

The Senior Security Analyst’s goal is to provide thought leadership and IT security support across the organization to improve the security posture of ReliabilityFirst overall. This position reports to the Manager, IT Infrastructure and Security and works closely with our Security and Data Analytics teams.

Key Responsibilities:

1. Cloud & Physical Security

Maintain high-level security posture for both the cloud and physical infrastructure environment by leading and assisting in IT security tasks as assigned.

Analyze and evaluate current security posture and propose changes/upgrades to firewalls, intrusion detection/prevention, endpoint protection, SIEM, data loss prevention, and vulnerability within our organization.

Assist with security related processes including, but not limited to, Access Management, Mobile Device compliance, Phishing, and Security Reviews.

2. Threat Lifecycle Management

Know the technical aspects of projects to identify risks, propose immediate solutions and provide guidance for the computer system solutions throughout the organization.

Analyze and resolve security vulnerabilities with applications software/firmware using carious scanning and patch management tools.

Assist in mitigation process of threats and vulnerabilities identified by internal or external penetration testing and vulnerability assessments.

Assist with preparation of assessment reports and resulting mitigation tracking documentation and root cause analysis (RCA).

3. Communication

Contribute to the design and implementation of security processes, procedures, and tools to meet the company’s compliance requirements as define in approved security frameworks.

Act as a liaison between RF’s IT and Security Team to accomplish mutual tasks and goals.

Must be able to convey technical language to other stakeholders often in non-technical terms and create buy-in for the technical solutions.

4. Report & Monitoring

Documenting and reporting any major security risk that has been identified to IT Manager and/or CSO while being available off-hours to respond to these risks.

Monitors and analyzes open source and internal data sources to identify trending security issues and alert management to developments, changes and shifts in risk.

5. Relationship Management

Develop, maintain, and evaluate relationships with vendor technology groups to ensure they are meeting company standards and are being utilized appropriately.

Develop strong working relationships with team members and leaders within ReliabilityFirst to have full grasp of security activities happening as it relates to the technical needs of each department.

Work collaboratively with NERC (North American Electrical Reliability Corporation), the Electric Reliability Organization (ERO), and the Information Technology Security Group (ITSG) to continuously monitor and assess best IT practices and lead continuous improvement.

Qualifications:

Bachelor's and/or Technical degree in Computer Science, Information Systems, Computer or Systems Engineering, or related technical field required

At least 7+ years of hands-on systems applications experience with cyber security experience across all security domains

Experience making strategic decisions derived from threat and risk-based analysis

Demonstrated understanding of best practices in cyber/physical security encompassing strategies, policies, principles, procedures, and standards

Strong leadership qualities

Excellent analytical skills

High attention to detail

Good communication skills

Desirable:

Desired certifications include: ISC(2) CISSP or SANS GCWN/GSEC/GCIH/GPEN

Significant experience with cloud security including Azure and M365

Experience with multiple security technologies to include firewalls, intrusion detection/prevention, endpoint protection, SIEM, data loss prevention, and vulnerability scanners

ReliabilityFirst is an equal opportunity employer and is committed to providing equal opportunities to all employees and applicants in accordance with local and federal laws. ReliabilityFirst's mission is to preserve and enhance bulk power system reliability and security. This mission cannot be accomplished without a diverse and inclusive staff - one that at all levels feels empowered, valued, respected, and engaged.

Learn more at: Diversity, Equity, & Inclusion at RF (rfirst.org)