Entergy
Security Engineer
Entergy, The Woodlands, Texas, United States,
Entergy
Entergy is an integrated energy company that provides electricity to 3 million utility customers in Arkansas, Louisiana, Mississippi, and Texas. We power life.This position will be filled as an Information Security Engineer III or Sr depending on the candidate's experience and qualifications.This position may be filled in Jackson, MS; Little Rock, AR; The Woodlands, TX; or New Orleans, LA.Brief Position Description:The Senior Information Security Engineer is responsible for proactively improving and evolving a successful security engineering function within Information Security. The Security Engineering team owns the deployment and operation of security monitoring tools and processes designed for real-time analysis, triage, and response to events and alerts generated across the enterprise to protect the company’s assets, solutions, and services by reducing time to respond to and if necessary, remediate security incidents and risks. This role is focused on interpreting cyber security event data, security validation tests, user behavior analytics, third-party threat intel, and XDR data to develop security detection and response use cases as well as tune the systems that support the development of alert, response, and forensic data creation.Key responsibilities include:Act as primary detection engineer. Lead identification and implementation of detection and response use cases in partnership with the security operations center utilizing telemetry provided by or stored in one or more of the following sources: SIEM, XDR, Security Validation, External Threat Intelligence, User Behavior Analytics, and any additionally identified sources of security event data.Implement necessary monitoring policies, reference architectures, and procedures in compliance with statutory and regulatory requirements covering internal and external parties, regulated and non-regulated physical, operational, and business systems throughout the enterprise.Assist in satisfying specific requirements to ensure security of the environment in compliance with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54).Execute on strategy & technology roadmap for the Security Information Event Management (SIEM) platform.Drive process excellence and maturity to push the envelope on delivering a world-class Cyber Security function to protect Entergy against cyber threats.Support life-cycle management of the SIEM platform, and other interconnected or related monitoring platforms including assistance with coordination and planning of upgrades, new deployments, and maintenance of current operational systems.Execute on world-class cyber defense capability for all information technology and operational technology assets including power generation units, nuclear plants, electric substations, SCADA, distribution automation, advanced metering infrastructure (AMI), email, and networks.Work closely with Consolidated Security Operations Center (CSOC), Threat & Vulnerability Management (TVM), other internal/external teams and management in a 24x7 operational environment.Execute the processes to monitor, analyze, and correlate logs and alerts across multiple platforms to identify advanced threats or incidents affecting the enterprise and aiding in the development of security monitoring use cases. This includes any potential source of security relevant logs and/or data.Assist in maintaining documentation and evidence to be used for after-action reporting and/or legal evidence.Monitor and respond to regulatory developments and industry best practices, with manager direction.Accountable for execution of security engineering support of all device classes (server, desktop, mobile, etc.), hosting models (on-premises, external, cloud) and applications to which security platforms apply.Work closely with all teams in Information Security to implement use cases for monitoring or SOAR.Deliver on KPIs to measure effectiveness of security engineering and report trends.Support security orchestration and automation efforts and help to identify opportunities to improve security response and precision.Collaborate and work across other IT and Information Security areas to design and onboard new systems to follow monitoring standards and best practices.Oversee and review work of junior resources as needed.Minimum Qualifications:Associate degree in computer science, cyber security or a related discipline or equivalent work experience.Information Security Engineer III:4 plus years of cyber security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, application security, database, risk management, project management, etc.).1 year of experience working with Security Information Event Management platforms is a plus.Experience working with outsourced teams is a plus.Experience with vulnerability management, event management, security operations, incident management, and security reporting is a plus.Experience in designing, building, implementing, and supporting security monitoring solutions is a plus.Senior Security Engineer:At least 6 years of cyber security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, data analytics, application security, database, risk management, project management, etc.).Experience developing Security detection and response use cases based around the Mitre ATT&CK Framework.Experience with Security Information Management, configuration, data aggregation, correlation and monitoring tools like a Security Incident and Event Management system, Security Monitoring tools, Endpoint Protection Platform and Extended Detection and Response technologies, Configuration Management tools, etc.Experience working with outsourced teams.Experience with vulnerability assessment, event management, operations, incident management and reporting.Experience in supporting Monitoring Tool solutions.Knowledge, Skills, and Abilities:Demonstrated technical engineering and process management skills and the ability to advocate and support positive transformation within the broader information technology organization.Knowledge of cloud monitoring strategies and techniques.Knowledge of Security orchestration, automation, and response.Knowledge of User and Entity Behavior Analytics.Broad knowledge of multiple UNIX OS platforms and Windows-based operating systems.Well-versed in security operations, cyber security monitoring, intrusion detection, and secured networks.Preferred Qualifications:Strong knowledge of security ramifications of businesses regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54).Demonstrable experience developing and deploying security orchestration, automation, and response.Demonstrable experience developing and deploying user and entity behavior analytics platform and programs.Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO ITIL, and ATT&CK.Knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools.Working knowledge with scripting languages such as Perl or Python.Strong understanding of cloud computing and patterns involved in monitoring across cloud, hosted and on-prem architectures.Strong report writing and communication and ability to effectively communicate across the IT organization.The ability to work well independently or with a team.Capable of meeting deadlines.Certificates, Licenses, etc.:CISSP, CISM, CISA or GIAC certifications are a plus.#LI-SB1#LI-HYBRIDPrimary Location:
Texas-The Woodlands, Mississippi: Jackson, Arkansas: Little Rock, Louisiana: New Orleans, Texas: The WoodlandsJob Function:
Information TechnologyFLSA Status:
ProfessionalRelocation Option:
No Relocation OfferedUnion description/code:
NON BARGAINING UNITNumber of Openings:
1Req ID:
116326Travel Percentage:
Up to 25%An Equal Opportunity Employer, Minority/Female/Disability/Vets.
#J-18808-Ljbffr
Entergy is an integrated energy company that provides electricity to 3 million utility customers in Arkansas, Louisiana, Mississippi, and Texas. We power life.This position will be filled as an Information Security Engineer III or Sr depending on the candidate's experience and qualifications.This position may be filled in Jackson, MS; Little Rock, AR; The Woodlands, TX; or New Orleans, LA.Brief Position Description:The Senior Information Security Engineer is responsible for proactively improving and evolving a successful security engineering function within Information Security. The Security Engineering team owns the deployment and operation of security monitoring tools and processes designed for real-time analysis, triage, and response to events and alerts generated across the enterprise to protect the company’s assets, solutions, and services by reducing time to respond to and if necessary, remediate security incidents and risks. This role is focused on interpreting cyber security event data, security validation tests, user behavior analytics, third-party threat intel, and XDR data to develop security detection and response use cases as well as tune the systems that support the development of alert, response, and forensic data creation.Key responsibilities include:Act as primary detection engineer. Lead identification and implementation of detection and response use cases in partnership with the security operations center utilizing telemetry provided by or stored in one or more of the following sources: SIEM, XDR, Security Validation, External Threat Intelligence, User Behavior Analytics, and any additionally identified sources of security event data.Implement necessary monitoring policies, reference architectures, and procedures in compliance with statutory and regulatory requirements covering internal and external parties, regulated and non-regulated physical, operational, and business systems throughout the enterprise.Assist in satisfying specific requirements to ensure security of the environment in compliance with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54).Execute on strategy & technology roadmap for the Security Information Event Management (SIEM) platform.Drive process excellence and maturity to push the envelope on delivering a world-class Cyber Security function to protect Entergy against cyber threats.Support life-cycle management of the SIEM platform, and other interconnected or related monitoring platforms including assistance with coordination and planning of upgrades, new deployments, and maintenance of current operational systems.Execute on world-class cyber defense capability for all information technology and operational technology assets including power generation units, nuclear plants, electric substations, SCADA, distribution automation, advanced metering infrastructure (AMI), email, and networks.Work closely with Consolidated Security Operations Center (CSOC), Threat & Vulnerability Management (TVM), other internal/external teams and management in a 24x7 operational environment.Execute the processes to monitor, analyze, and correlate logs and alerts across multiple platforms to identify advanced threats or incidents affecting the enterprise and aiding in the development of security monitoring use cases. This includes any potential source of security relevant logs and/or data.Assist in maintaining documentation and evidence to be used for after-action reporting and/or legal evidence.Monitor and respond to regulatory developments and industry best practices, with manager direction.Accountable for execution of security engineering support of all device classes (server, desktop, mobile, etc.), hosting models (on-premises, external, cloud) and applications to which security platforms apply.Work closely with all teams in Information Security to implement use cases for monitoring or SOAR.Deliver on KPIs to measure effectiveness of security engineering and report trends.Support security orchestration and automation efforts and help to identify opportunities to improve security response and precision.Collaborate and work across other IT and Information Security areas to design and onboard new systems to follow monitoring standards and best practices.Oversee and review work of junior resources as needed.Minimum Qualifications:Associate degree in computer science, cyber security or a related discipline or equivalent work experience.Information Security Engineer III:4 plus years of cyber security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, application security, database, risk management, project management, etc.).1 year of experience working with Security Information Event Management platforms is a plus.Experience working with outsourced teams is a plus.Experience with vulnerability management, event management, security operations, incident management, and security reporting is a plus.Experience in designing, building, implementing, and supporting security monitoring solutions is a plus.Senior Security Engineer:At least 6 years of cyber security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, data analytics, application security, database, risk management, project management, etc.).Experience developing Security detection and response use cases based around the Mitre ATT&CK Framework.Experience with Security Information Management, configuration, data aggregation, correlation and monitoring tools like a Security Incident and Event Management system, Security Monitoring tools, Endpoint Protection Platform and Extended Detection and Response technologies, Configuration Management tools, etc.Experience working with outsourced teams.Experience with vulnerability assessment, event management, operations, incident management and reporting.Experience in supporting Monitoring Tool solutions.Knowledge, Skills, and Abilities:Demonstrated technical engineering and process management skills and the ability to advocate and support positive transformation within the broader information technology organization.Knowledge of cloud monitoring strategies and techniques.Knowledge of Security orchestration, automation, and response.Knowledge of User and Entity Behavior Analytics.Broad knowledge of multiple UNIX OS platforms and Windows-based operating systems.Well-versed in security operations, cyber security monitoring, intrusion detection, and secured networks.Preferred Qualifications:Strong knowledge of security ramifications of businesses regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54).Demonstrable experience developing and deploying security orchestration, automation, and response.Demonstrable experience developing and deploying user and entity behavior analytics platform and programs.Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO ITIL, and ATT&CK.Knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools.Working knowledge with scripting languages such as Perl or Python.Strong understanding of cloud computing and patterns involved in monitoring across cloud, hosted and on-prem architectures.Strong report writing and communication and ability to effectively communicate across the IT organization.The ability to work well independently or with a team.Capable of meeting deadlines.Certificates, Licenses, etc.:CISSP, CISM, CISA or GIAC certifications are a plus.#LI-SB1#LI-HYBRIDPrimary Location:
Texas-The Woodlands, Mississippi: Jackson, Arkansas: Little Rock, Louisiana: New Orleans, Texas: The WoodlandsJob Function:
Information TechnologyFLSA Status:
ProfessionalRelocation Option:
No Relocation OfferedUnion description/code:
NON BARGAINING UNITNumber of Openings:
1Req ID:
116326Travel Percentage:
Up to 25%An Equal Opportunity Employer, Minority/Female/Disability/Vets.
#J-18808-Ljbffr