Consolidated Edison Inc
Consolidated Edison Inc is hiring: Senior Cybersecurity Specialist- (Red Team) I
Consolidated Edison Inc, New York, NY, United States
Job Description
The ConEd Red Team focuses on performing real-world attacks and adversarial simulation to protect some of the nation's most critical infrastructure by proactively identifying attack chains that lead to sensitive information or potential service disruption. Work activities range from traditional penetration testing to complex, custom scenarios with the intent of bypassing security controls, avoiding detection, and obtaining sensitive levels of access or information. This is a new initiative where all team members are expected to assist with maturing the program and developing creative attack scenarios. ConEd's cloud environments, publicly available services, internal IT and OT infrastructure, and customer-facing and internal applications are all within scope. Red Team members will monitor trends, scenarios, and the changing threat landscape and will coordinate with the broader cyber security and infrastructure teams to take appropriate actions on both immediate needs and regularly scheduled cadences. The team also has related responsibilities to provide guidance and direction to its blue team counterparts and bolster the overall security posture and capabilities of the organization's cyber security program.
Responsibilities
Core Responsibilities
Qualifications
Required Education/Experience
About Us
Mission Statement:
Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company's mission by excelling at our three corporate priorities - safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.
About the Team
EEO Statement:
Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual's actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.
Technical Difficulty Statement:
For technical issues, please contact us at careerconnect@coned.com
The ConEd Red Team focuses on performing real-world attacks and adversarial simulation to protect some of the nation's most critical infrastructure by proactively identifying attack chains that lead to sensitive information or potential service disruption. Work activities range from traditional penetration testing to complex, custom scenarios with the intent of bypassing security controls, avoiding detection, and obtaining sensitive levels of access or information. This is a new initiative where all team members are expected to assist with maturing the program and developing creative attack scenarios. ConEd's cloud environments, publicly available services, internal IT and OT infrastructure, and customer-facing and internal applications are all within scope. Red Team members will monitor trends, scenarios, and the changing threat landscape and will coordinate with the broader cyber security and infrastructure teams to take appropriate actions on both immediate needs and regularly scheduled cadences. The team also has related responsibilities to provide guidance and direction to its blue team counterparts and bolster the overall security posture and capabilities of the organization's cyber security program.
Responsibilities
Core Responsibilities
- Act as a senior technical resource, mentor team members, and contribute to the development of the ConEd Red Team Program.
- With oversight from management and the lead analyst, competently perform a variety of penetration testing, red team, and social engineering assessment activities that are of comparable sophistication to real-world adversarial attacks.
- Develop assessment strategies with key stakeholders.
- Create accurate documentation that provides concise explanations and conveys informative descriptions of findings, including technical explanations/walkthroughs, root causes, impact, and remediation/mitigation strategies.
- Continuously learn, improve, and hone your skills to deliver advanced assessments.
- Develop scripts and tools to automate tedious processes and increase efficiency.
- Stay abreast of TTPs, global security incidents, industry trends, advisories, publications, research, talks, and other relevant developments
- Effectively communicate technical concepts to non-technical audiences.
- Coordinate with business owners to remediate/mitigate findings and verify changes are successful.
- Represent the department in the company and industry with research, talks, publications, articles, posts, training, etc.
- Assist with developing internal methodologies and process improvement for the team, including mentoring and transferring knowledge across team members.
- Collaborate with blue teams to bolster detection and response capabilities.
Qualifications
Required Education/Experience
- Master's Degree and Minimum of five (2) years in information security, with a minimum of one (1) years in a red team or penetration testing role. Utility industry experience preferred. or
- Bachelor's Degree and Minimum of five (3) years in information security, with a minimum of one (1) years in a red team or penetration testing role. Utility industry experience preferred. or
- Associate's Degree and Minimum of five (5) years in information security, with a minimum of one (1) years in a red team or penetration testing role. Utility industry experience preferred. or
- High School Diploma/GED and Minimum of five (7) years in information security, with a minimum of one (1) years in a red team or penetration testing role. Utility industry experience preferred.
- Master's Degree and Minimum of five (2) years in information security, with a minimum of one (1) years in a red team or penetration testing role. Utility industry experience preferred.
- Perform OSINT/Reconnaissance to identify publicly damaging information, misconfigurations, and interesting targets Required
- Develops and delivers effective presentations
- Driver's License
- Other: OSWP, OSCP, OSCE, OSEP, OSWE, OSED, OSEE, GPEN, GCIH, GPXN, GWAPT, GMOB, GAWN, GCPN, and/or similar certifications are preferred Preferred
- Ability to push, pull, and lift up to 25 pounds
- Sit or stand to use a keyboard, mouse, and computer for the duration of the workday
- Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.
- Must be able and willing to travel within Company service territory, approximately quarterly, but also as-needed.
About Us
Mission Statement:
Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company's mission by excelling at our three corporate priorities - safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.
About the Team
EEO Statement:
Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual's actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.
Technical Difficulty Statement:
For technical issues, please contact us at careerconnect@coned.com