To foster a cyber safety culture across the Cooperative by engaging Management and regularly communicating with employees through training and interactions. To bolster the Cooperative’s security posture by monitoring and protecting the Cooperative’s network(s), computer systems, and data from security issues, installing and maintaining security software, establishing baseline configurations, documenting any security issues or incidents found, and implementing best practices. The Cyber Security Engineer will serve as a subject matter expert and is expected to stay up to date on the latest intelligence, including hackers’ methodologies. To perform assigned functions according to standardized policies and procedures.
Reporting
Reports to: Director of Security and Enterprise Infrastructure
Directs: None
Responsibilities
Collaborate with stakeholders to define, develop, implement, and maintain the company’s security framework (policies, standards, guidelines, and procedures) based on the needs and requirements of each department.
Conduct research and provide recommendations on solutions, designs, or architecture to harden the Cooperative’s current posture.
Develop, document, and verify security baseline configurations on Cooperative-owned assets.
Perform audits to validate adherence to, and implement new controls of, the CIS framework.
Evaluate the environment to design, implement, enhance, and manage a zero-trust network.
Create a culture of security awareness by leading and enhancing cyber safety training.
Manage and maintain the phishing campaigns conducted by the Cooperative and provide relevant refresher training.
Maintain and manage the Security Information and Event Monitoring solution to monitor server logs, firewall logs, and network traffic for unusual or suspicious activity.
Conduct threat hunting on any anomalous behavior (blue/purple team activity) and lead remediation efforts.
Administer and maintain the antivirus/endpoint detection and response solution.
Monitor the IPS/IDS for anomalous traffic patterns.
Perform risk assessments and testing of enterprise technology infrastructure.
Perform vulnerability scanning and provide recommendations to mitigate discovered vulnerabilities.
Analyze Cooperative business requirements and provide objective advice on the use of enterprise security solutions.
Define events vs alerts vs incidents for the organization and create incident classification, severity, and priority tables in line with all threats, risks, and vulnerabilities.
Facilitate penetration testing and follow through with all mitigating actions.
Manage and maintain physical access within the access control system.
Implement security improvements by assessing current situations and evaluating trends.
Create, maintain, and disseminate system documentation and Standard Operating Procedures for network and other duties.
Work with all Cooperative employees to realize an enterprise approach to security.
Encourage cyber security awareness and implementation of best practices by third parties accessing enterprise infrastructure to minimize risk to the Cooperative.
Understand the latest hacker techniques and propose appropriate countermeasures.
Assist in special projects, as necessary.
Promote cyber safety culture by partnering with Management staff to further the Cooperative Strategic Plan.
Must be accountable to supervisor and the management of the Cooperative for the efficient performance of job responsibilities. Though some of the authorities may be delegated or assigned to another person, the accountability cannot be.
Education and Experience
Bachelor’s degree in Cybersecurity, Information Technology, or other related IT field, or 10 years related experience and/or training or equivalent.
Certified Ethical Hacker certification is preferred.
Previous working experience with a Security Information and Event Monitoring solution and reviewing Windows logs.
Familiarity with NERC-CIP standards is preferred.
Required Skills and Abilities
Must be able to maintain professionalism and control under all circumstances.
Has and maintains a valid driver’s license and acceptable driving record and is able to operate SVEC vehicles.
Must become and remain certified in CPR and first aid. Must also be skilled in the use of all safety equipment.
Proficient in Microsoft Office products including Excel and Word.
Strong verbal, written, analytical and interpersonal skills.
Ability to dissect and resolve complex problems quickly and systematically.
Organized, keen attention to detail, and efficient.
Ability to conduct research into IT security issues and products as required.
Analytical/logical thinking ability.
Ability to assemble facts in a clear, understandable manner.
Team-oriented and skilled in working within a collaborative environment.
Maintain a high level of confidentiality with regard to associate, member-owner, and corporate information.
Possess effective techniques to research and access all sources necessary to fulfill position responsibilities.
Must have access to reliable transportation to and from work.
Physical Requirements
Participation in SVEC job safety and training programs, relevant workshops, seminars and other SVEC sponsored courses and events.
Must be able to use office equipment including telephone, computer, and other systems and related software in the performance of position responsibilities.
Must be able and available, during all types of weather conditions, to work weekends, holidays, evenings, and other times outside normal duty hours to assist in service restoration and other emergencies that may arise or when the workload demands.
Must always maintain an operating telephone or personal communication device at his/her place of residence. Ability to contact the telephone or personal communication device must be made available to SVEC for the purpose of contacting the manager to conduct legitimate routine and/or emergency business.
This position is primarily inside work. Must be able to work up to eight hours per day at a computer.
This position involves primarily inside work. Must be able to lift objects unassisted (up to 30 pounds). Some standing, walking, climbing, balancing, stooping, kneeling, crouching, or crawling to a minimal degree.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
Chartered in 1936, SVEC maintains over 8,100 miles of electric lines and serves more than 97,000 member accounts in the counties of Augusta, Clarke, Frederick, Highland (all), Page (all), Rockingham, Shenandoah and Warren in Virginia, and the city of Winchester (all). Shenandoah Valley Electric Cooperative was the first electric cooperative chartered in Virginia.
SVEC is governed by a democratically elected 10-member board of directors. Each year, at SVEC’s annual meeting, directors are elected by members. Directors serve four-year terms.