Entergy
Information Security Engineer III Job Details | Entergy
Entergy, Magnolia, Texas, us, 77353
Work Place Flexibility:
Hybrid
Legal Entity:
Entergy Services, LLC
*** These positions may be filled in any city within Entergy's service territory, The Woodlands Tx or New Orleans LA preferred ***
Brief Position Description
The OT Cyber Security team executes and/or oversees the activities required to secure Entergy's critical systems and assets as well as meet or exceed Entergy's commitment and obligation to the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards. This position is expected to have operational experience in areas of information technology, operational technology, and cyber security, with experience working in electrical power, professional auditing, and risk-based compliance processes preferred. Engineers are accountable to perform daily assigned activities, escalate issues identified while performing daily activities, and identification and implementation of process improvement opportunities, while ensuring Entergy can demonstrate compliance with the NERC CIP requirements.
Key responsibilities include:Ensure OT cyber assets meet or exceed regulatory requirements and industry best practicesFor OT environments, responsible for ensuring security and compliance with relevant regulatory compliance requirements (e.g. North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP), etc. Including but not limited to:
Configuration Baselines and monitoringElectronic Security Perimeters (ESP)Asset inventory and classificationCommissioning new assets including substations, control centers, data centersSecurity monitoring, logging, and alertingMalware prevention and vulnerability managementTransient cyber asset protectionsSecurity Patch Management
Daily reconciliation of configuration baseline changes against change authorizations to detect unauthorized deviations.Level I triage of detected cybersecurity logging failures. Collaborate with asset owners/stakeholders regarding cyber assets that have failed logging.Maintenance of cyber asset inventory information for accuracy.Facilitate change management reviews, task completion, and evidence corresponding work.Monitor systems for non-compliance with standards and escalate to appropriate members of leadership.Support change management initiatives and weekly activities, including security assessments and Change Advisory Board review and approvalsParticipate in disaster recovery planning, preparation and testing.Support other departmental initiatives such as vulnerability assessments, penetration testing, internal assessments/tiger teams, or as stakeholders in other teams capital projectsBe an active member in preparation for required auditsParticipate in audit interviews as directed by leadershipIdentify and Implement improvement opportunities including automation, tool configuration, and process changes.Support department projects, such as new hardware deployments, software upgrades, capability enhancements, etc.Expand services provided as directed by leadership.Other duties as requiredEducation Needed
Degree: Bachelor's degree preferredCertification/License: Cybersecurity certification preferred (e.g. CISSP, CISA, CRISC, etc.)Experiences Needed
Minimum Years of Experience: 5+
2+ years of technical experience in data collection and analysis.2+ years of experience in Cyber Security; preferred domains include Baseline Configuration Monitoring, Backup & Recovery, Change Management Oversight, Reuse & Disposal, NERC CIP, NIST CSF, Security Controls planning and/or auditing, security monitoring and analysis.Experience with OT environments preferred.Communication Skills: Excellent
Base Competencies:
Expert knowledge of PC, presentation, word processing and analytical softwareStrong data collection and analysis skillsStrong ability to work in cross-functional teamsStrong problem solving skillsExperience working in an on-call team rotation preferredStrong organizational and time management skillsStrong understanding of regulatory and compliance requirements; NERC CIP and/or SOX preferredExpert understanding of cyber security principlesStrong skills and experience in cyber security technical competencies (e.g. security tools, processes, etc.)Continuous Improvement mindset. Can develop or proposes automation and/or process improvement, when directed, to improve efficiencies.Job Specific Experiences/Competencies Desired:
Deep understanding of configuration monitoring tools and processes (e.g. Tripwire, Industrial Defender, etc.)Understanding of NERC CIP StandardsUnderstanding of security impacts of other regulations (NRC 10 CFR 73.54, SOX, HIPAA, etc.)Knowledge of security, risk, and control frameworks, standards, and best practices such as ISO 27001 and 27002, SANS-CAG, ITIL, NIST CSF, NIST 800-53, C2M2, etc.)Understanding of multiple cyber security domains, such as:
Asset, Change, and Configuration ManagementThreat and Vulnerability ManagementRisk ManagementIdentity and Access ManagementSituational AwarenessIncident Response and Continuity of OperationsThird-Party Risk ManagementCybersecurity ArchitectureCybersecurity Program Management
Understanding of SIEM, vulnerability detection/management, and malicious software prevention technologies such as Splunk, Tripwire, Symantec, BeyondTrust, Dragos, Nessus, Qualys, etc.Knowledge of multiple OS and platforms (e.g. Windows, Linux, UNIX, Cisco iOS, Checkpoint GAIA, etc.)Understanding of current cyber security trends and best practices in technology, as well as monitoring best practices and toolsHands-on technical engineering and process management skills and the ability to advocate positive transformation within the broader information technology organizationKnowledge with scripting languages such as Perl or PythonExperience working with outsourced teamsAbility to work effectively with team members and with customersStrong organizational and time management skillsCommitment to customer service with strong oral and written communication skillsAvailable to travel up to 25%Self-motivated, with ability to manage and follow-up on multiple tasks simultaneously.Capable of meeting deadlines
#LI-SB1
#LI-HYBRID
Primary Location:
Texas-The WoodlandsArkansas : Little Rock || Louisiana : New Orleans || Mississippi : Jackson || Texas : The WoodlandsJob Function : Information TechnologyFLSA Status : ProfessionalRelocation Option:
No Relocation OfferedUnion description/code : NON BARGAINING UNITNumber of Openings : 1Req ID:
114935Travel Percentage :Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the EEI page, or see statements below.
EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.
Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf.If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click
here
and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.
Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Entergy Pay Transparency Policy Statement: The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information. 41 CFR 60-1.35(c).
Equal Opportunity
and
Pay Transparency
.
Pay Transparency Notice:
Pay Transparency Nondiscrimination Provision (dol.gov)
The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contactHRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.
WORKING CONDITIONS:As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Please note:
Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.
Hybrid
Legal Entity:
Entergy Services, LLC
*** These positions may be filled in any city within Entergy's service territory, The Woodlands Tx or New Orleans LA preferred ***
Brief Position Description
The OT Cyber Security team executes and/or oversees the activities required to secure Entergy's critical systems and assets as well as meet or exceed Entergy's commitment and obligation to the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards. This position is expected to have operational experience in areas of information technology, operational technology, and cyber security, with experience working in electrical power, professional auditing, and risk-based compliance processes preferred. Engineers are accountable to perform daily assigned activities, escalate issues identified while performing daily activities, and identification and implementation of process improvement opportunities, while ensuring Entergy can demonstrate compliance with the NERC CIP requirements.
Key responsibilities include:Ensure OT cyber assets meet or exceed regulatory requirements and industry best practicesFor OT environments, responsible for ensuring security and compliance with relevant regulatory compliance requirements (e.g. North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP), etc. Including but not limited to:
Configuration Baselines and monitoringElectronic Security Perimeters (ESP)Asset inventory and classificationCommissioning new assets including substations, control centers, data centersSecurity monitoring, logging, and alertingMalware prevention and vulnerability managementTransient cyber asset protectionsSecurity Patch Management
Daily reconciliation of configuration baseline changes against change authorizations to detect unauthorized deviations.Level I triage of detected cybersecurity logging failures. Collaborate with asset owners/stakeholders regarding cyber assets that have failed logging.Maintenance of cyber asset inventory information for accuracy.Facilitate change management reviews, task completion, and evidence corresponding work.Monitor systems for non-compliance with standards and escalate to appropriate members of leadership.Support change management initiatives and weekly activities, including security assessments and Change Advisory Board review and approvalsParticipate in disaster recovery planning, preparation and testing.Support other departmental initiatives such as vulnerability assessments, penetration testing, internal assessments/tiger teams, or as stakeholders in other teams capital projectsBe an active member in preparation for required auditsParticipate in audit interviews as directed by leadershipIdentify and Implement improvement opportunities including automation, tool configuration, and process changes.Support department projects, such as new hardware deployments, software upgrades, capability enhancements, etc.Expand services provided as directed by leadership.Other duties as requiredEducation Needed
Degree: Bachelor's degree preferredCertification/License: Cybersecurity certification preferred (e.g. CISSP, CISA, CRISC, etc.)Experiences Needed
Minimum Years of Experience: 5+
2+ years of technical experience in data collection and analysis.2+ years of experience in Cyber Security; preferred domains include Baseline Configuration Monitoring, Backup & Recovery, Change Management Oversight, Reuse & Disposal, NERC CIP, NIST CSF, Security Controls planning and/or auditing, security monitoring and analysis.Experience with OT environments preferred.Communication Skills: Excellent
Base Competencies:
Expert knowledge of PC, presentation, word processing and analytical softwareStrong data collection and analysis skillsStrong ability to work in cross-functional teamsStrong problem solving skillsExperience working in an on-call team rotation preferredStrong organizational and time management skillsStrong understanding of regulatory and compliance requirements; NERC CIP and/or SOX preferredExpert understanding of cyber security principlesStrong skills and experience in cyber security technical competencies (e.g. security tools, processes, etc.)Continuous Improvement mindset. Can develop or proposes automation and/or process improvement, when directed, to improve efficiencies.Job Specific Experiences/Competencies Desired:
Deep understanding of configuration monitoring tools and processes (e.g. Tripwire, Industrial Defender, etc.)Understanding of NERC CIP StandardsUnderstanding of security impacts of other regulations (NRC 10 CFR 73.54, SOX, HIPAA, etc.)Knowledge of security, risk, and control frameworks, standards, and best practices such as ISO 27001 and 27002, SANS-CAG, ITIL, NIST CSF, NIST 800-53, C2M2, etc.)Understanding of multiple cyber security domains, such as:
Asset, Change, and Configuration ManagementThreat and Vulnerability ManagementRisk ManagementIdentity and Access ManagementSituational AwarenessIncident Response and Continuity of OperationsThird-Party Risk ManagementCybersecurity ArchitectureCybersecurity Program Management
Understanding of SIEM, vulnerability detection/management, and malicious software prevention technologies such as Splunk, Tripwire, Symantec, BeyondTrust, Dragos, Nessus, Qualys, etc.Knowledge of multiple OS and platforms (e.g. Windows, Linux, UNIX, Cisco iOS, Checkpoint GAIA, etc.)Understanding of current cyber security trends and best practices in technology, as well as monitoring best practices and toolsHands-on technical engineering and process management skills and the ability to advocate positive transformation within the broader information technology organizationKnowledge with scripting languages such as Perl or PythonExperience working with outsourced teamsAbility to work effectively with team members and with customersStrong organizational and time management skillsCommitment to customer service with strong oral and written communication skillsAvailable to travel up to 25%Self-motivated, with ability to manage and follow-up on multiple tasks simultaneously.Capable of meeting deadlines
#LI-SB1
#LI-HYBRID
Primary Location:
Texas-The WoodlandsArkansas : Little Rock || Louisiana : New Orleans || Mississippi : Jackson || Texas : The WoodlandsJob Function : Information TechnologyFLSA Status : ProfessionalRelocation Option:
No Relocation OfferedUnion description/code : NON BARGAINING UNITNumber of Openings : 1Req ID:
114935Travel Percentage :Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the EEI page, or see statements below.
EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.
Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf.If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click
here
and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.
Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Entergy Pay Transparency Policy Statement: The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information. 41 CFR 60-1.35(c).
Equal Opportunity
and
Pay Transparency
.
Pay Transparency Notice:
Pay Transparency Nondiscrimination Provision (dol.gov)
The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contactHRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.
WORKING CONDITIONS:As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Please note:
Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.