Flux is currently seeking an Information System Security Engineer 2 to join our project team onsite with our client in Vancouver, WA. This contract Information System Security Engineer (ISSE) 2 position is located in the Security & Compliance Team (SCT) within the Transmission Technology (TT) organization of the organization. This position is focused on supporting capital improvement projects by facilitating the research and development of current and new systems. This position requires a wide range of specialized skills and depth of knowledge to adapt procedures, techniques and tools to meet specialized needs. Additionally, the position will provide technical support and assistance to other Security Control Assessors, Cybersecurity/InfoSec personnel and Transmission Technology (TT) co-workers on a variety of ad hoc and formal projects & programs requiring technical and policy/process/procedure analysis.
Position Responsibilities include:
· Provide Security & Design support to Enterprise/Solutions Architects within the TT organization:
o Changes to BES cyber systems, software applications, databases, and processes, as well as infrastructure support tools for code/release management, bug tracking, storage, and monitoring.
o System security engineering, planning, cross-functional configuration analysis, security requirements development.
o Draft and recommend monitoring security measures for the protection of TO computer networks and information.
o Identify security integration issues related to the implementation of new systems within the existing infrastructure.
o Research/review proposed new systems, networks, and software security issues including supply chain risk management.
o Provide recommendations and input into technical reviews of proposed projects.
o Draft initial designs using best practices and compliance requirements per Policy, Department of Energy (DOE), Department of Homeland Security (DHS) and the North American Electric Reliability Corporation (NERC CIP).
o Plan, design and facilitate requirements gathering meetings.
o Upon request, provide stage-gate input into systems/software architecture & designs for potential security risks/impacts.
o Conduct or assist with vulnerability testing of new implementations prior to releasing to production.
• Technical Writing and Communications, including technical information conveyed via telephone, e-mail correspondence, and in-person meetings:
o Draft System Security & Compliance Plans (SSP/SSCP) in accordance with applicable policies and procedures.
o Provide recommendations for Account Management Plans for new systems.
o Draft Lessons Learned documents in conjunction with completed systems implementations.
o Provide functional documents including topology and data flow diagrams.
• Assist in implementing improved risk-based practices such as NIST Risk Management Framework, over a multi-year horizon:
o Turn recommendations into draft plans and processes as required.
o Stay abreast of tools related to vulnerability and risk assessment.
o Apply authorization to operate, and certification & accreditation/compliance processes in a FISMA and NERC CIP context.
• Assist in developing and improving cybersecurity capability:
o Review operating practices and documentation to verify if controls and security measures are adequate. Recommend necessary changes and alert the manager of any concerns.
o Research new and emerging techniques to determine their applicability for support of the needs of operations.
o Report into Transmission Operations Capability Maturity Model (TOCM2) improvement efforts.
• Provide technical input, recommendations, and assistance with the implementation of granular cyber security and solutions that incorporate cyber security controls and best practices into software programs, configurations, and processes that maintain compliance with laws, regulations, or Presidential directives:
o Assist with the development and implementation of configuration management plans for a secure, complex environment.
o Collaborate closely with IT’s Cyber Security organization (JB) to evaluate current Cyber Security controls.
· A Master’s degree in Computer Science, Information Assurance, Information Technology Management, Cyber Security, Forensics, Homeland Security, or a closely related technical discipline is preferred.
o With an applicable Bachelor’s degree, 4 years of experience is required.
o Without an applicable degree, 6 years of experience is required.
o Certain industry-recognized security certifications may substitute for 1 year of experience, with hiring manager approval.
· Experience must include:
o Developing and operating enterprise software applications on a variety of operating systems and versions.
o Developing and operating Industrial Control Systems (ICS).
o Evaluating the adequacy and existence of IT security controls, including Operations Technology (ICS).
o Documenting evidence of testing and evaluation activities sufficient for a third-party auditor to follow.
· 4 years of experience with hands-on technical implementation of networks and systems commensurate with the professional certification of MCSE/MCITP, GIAC, CISSP, etc. The hands-on experience should have been technical in nature, employing or leveraging technologies involved in enterprise computing such as but not limited to, Active Directory, MS SQL or other RDBMS, IPSEC, IPv4/IPv6, operating system security configurations (DISA GOLD, STIG, FDCC, etc.), programming frameworks, scripting tools, and web services (Apache, Internet Information Server, etc.).
· 1 year of experience in security system engineering, including experience effectively performing security control implementation on networks, servers and systems and/or vulnerability assessments, e.g.
· One or more of the following networking or security certifications are required:
o Certified Secure Software Lifecycle Professional (CSSLP)
o Certified Information Systems Security Professional (CISSP)
o Certified Information Systems Auditor (CISA)
o Certified Information Security Manager (CISM)
o EC-Council Certified Ethical Hacker (CEH)
o EC-Council Hacking Forensics Investigator (CHFI)
o Global Information Assurance Certification (GIAC) in ICS, Cyber Defense, or Secure Software Programmer
o Microsoft Certified Solutions Expert (MCSE)