Salary assigned will be commensurate with experience.

Responsible for overall cybersecurity guidance including, but not limited to, proposing, coordinating, implementing, training, and enforcing information systems security policies, standards, and methodologies for all FPUA business units and information systems including corporate internal and AMI networks, all SCADA systems and all managed public-facing services such as FPUA.com. Reports to the ITS Manager.

Must possess:

• 
  comprehensive knowledge of data security administration principles, methods, and techniques
• strong functional knowledge of assigned application technology, architecture and technical infrastructure of information systems
• strong knowledge of data loss prevention technologies, incident response and remediation, network security services, ethical hacking and vulnerability scanning, firewall and intrusion detection technologies
• ability to provide expert guidance and directions for continuous improvement, performance and value for the SIEM/SOC platform for Information Security
• strong project management skills and execution of multiple development projects
• excellent verbal and written communication skills, as well as organizational skills

Graduation from an accredited college or university with a degree in Computer Science, Business or Engineering desired. Four (4) years of experience in information security infrastructure, design, operations, and information assurance required. Possession of any of the following certifications is desired: Security+, CSA+, CEH, CAP, CISM, CISSP, CASP, or GSEC.
When considering new job applicants, a comparable amount of training and experience may be substituted in lieu of some of the minimum qualifications.

(NOTE: There are also secondary functions that the employee will be required to perform.)

Evaluates, defines, implements, tests and maintains corporate security policies, incident response, disaster recovery and business continuity plans.
Schedules and maintains oversight of penetration testing, risk analyses and security assessments from third parties.
Plans, recommends, implements and upgrades security measures, appropriate tools, countermeasures, and controls.
Continuously monitors and reports findings with security, intrusion prevention, and detection systems (Check Point, Active Directory, etc.).
Continuously monitors, analyzes and responds to internal vulnerability scans (Nessus, Nmap, etc.) and prioritizes mitigations.
Continuously monitors cybersecurity alerts and bulletins (NERC, DNG-ISAC, MS-ISAC, etc.) for updates, emerging threats, vulnerabilities, and exploits. Quickly disseminates relevant information with FPUA as needed.
Continuously monitors, analyzes and responds to SEIM (Check Point, Intermapper, Card Access, etc.) alerts from monitoring tools, vendors, and third parties.
Investigates, documents, and reports any actual/potential IT security vulnerabilities, violations, breeches, or inappropriate computer use.
Prioritizes risk mitigations to be implemented by ITS or FPUA staff.
Provides ongoing security awareness and procedure training to all FPUA staff members.
Ensures security best practices are identified and integrated into all facets of the project including network, system designs/configuration, and implementations.
Evaluates internal software applications for implementation of secure coding methods.
Provides information security expertise to system development teams throughout the lifecycle process.
Represents FPUA when working with law enforcement on cybersecurity related issues.
Ensures compliance with internal cybersecurity policies, cybersecurity laws and regulations.
Interfaces with other teams and vendors to develop and implement overall solutions to meet necessary regulatory requirements.
Influences system requirements and design processes to incorporate the identification of Cyber requirements.
Suggests architecture solutions to the systems that support both the functional requirements of the systems and Cyber or IA requirements.
Identifies applicable security controls and analyzes assessment procedures to validate controls.
Makes recommendations to management on enhancements to existing and new security hardware, software or related tools. Assists in evaluating, planning, configuration and implementation of new/existing security applications/tools.
Performs other duties as assigned.