Domain Engineer II (Privacy Matters Investigator) #22-63387

Full-time
San Diego Gas & Electric
Description
Job Description

SDG&E is an innovative San Diego-based energy company that provides clean, safe and reliable energy to better the lives of the people it serves in San Diego and southern Orange counties. The company is committed to creating a sustainable future by providing its electricity from renewable sources; modernizing natural gas pipelines; accelerating the adoption of electric vehicles; supporting numerous non-profit partners; and, investing in innovative technologies to ensure the reliable operation of the region’s infrastructure for generations to come. SDG&E is a subsidiary of Sempra Energy (NYSE: SRE).

Our highly trained and responsive employees with their diverse skills, talents and ideas are the reason we can deliver on our commitment and are building America’s best energy company. They are also the reason why we have been recognized with the industry’s most coveted awards. Our employees undertake challenging work, and receive highly competitive compensation and benefits. As one of the region’s largest employers, we’re always searching for talented and bright people to join our team. After all, it takes the best to build the best. Learn more about benefits HERE.

Diversity and inclusion are core values of SDG&E. Empowering our employees to be their whole selves at work is our competitive advantage. This is where new ideas come from and meaningful collaboration gets an authentic start. By bringing together people with different perspectives, diverse backgrounds and real commitment to their own individuality, we have built a stronger business. Learn more about our commitment to diversity and inclusion HERE.

For more information, visit SDGEnews.com or connect with SDG&E on Twitter (@SDGE), Instagram (@SDGE) and Facebook.

 

Primary Purpose

The Domain Engineer II – Cybersecurity contributes to the cybersecurity capabilities for the organization. Collaborates with cybersecurity teams to identify and mitigate risks to ensure Information Technology (IT) and Operations Technology (OT) applications, information, network, and infrastructure are designed and implemented to reduce risk to an acceptable level. Performs and assists other staff in performing IT and OT security risk assessments of projects, programs and/or cybersecurity controls and tools. Participates in company projects from a cybersecurity technical perspective.

Duties and Responsibilities

  • Conducts investigations pertaining to potential data breach scenarios involving Company data, Customer Data and other regulated information. Participates with security team by identifying low to medium risk enterprise-level cybersecurity threats and risks. With team direction, supports product teams with cybersecurity consulting and embracing a continuous monitoring approach. Evaluates cybersecurity technology tools according to delivery framework for business-critical functional areas. Drafts documentation for implementations of cybersecurity systems or technology, documenting process and contributing to reports on potential enhancements and proposed controls.
  • Author reports documenting the investigation and describing the data at risk and the quantity thereof. Work with legal teams and business units to discuss investigations and provide findings. Performs low to medium risk security risk analysis and assessments of company infrastructure and assets for company business units and assists in developing and delivering final assessment reports. May assist other cybersecurity staff with security risk assessments that are more complex or larger in scope. Completes analyses focused on supporting performance, risk assessment, and capacity management in the end-to-end assessment of cybersecurity related capabilities (where a capability is a technical service, process, function, or application, e.g. cybersecurity compliance, risk management). Supports maintenance of cybersecurity systems and related technology tools.
  • Assist in identification of enterprise level cybersecurity threats and risks, investigates, documents and participates in Third Party Risk Management activities. Participates in evaluation and selection of cybersecurity technology (systems, platforms, or networks) to mitigate identified risks, with an emphasis on automation to enable strategic capabilities, including risk assessments and process reviews as part of the technical team. Partners with other engineers and architects to ensure cybersecurity impacts are noted and performance needs are met.
  • Delivers work in accordance with an agile mindset. Agile is a methodology supporting new ways of working emphasizing incremental delivery, value prioritization, often using scrum process. Assists in incremental value creation and business agility, adopting scrum or kanban methodologies as appropriate to their team. Kanban and scrum are frameworks used for organizing work in an agile way, focused on managing flow of knowledge and operational work and driving continuous improvement for a team.
  • Performs other duties as assigned (no more than 5% of duties).
Qualifications

Required Qualifications: 

  • Bachelor’s Degree Information Systems, Software Engineering, Computer Science, related field or equivalent training and/or experience.
  • 3 years – Professional experience working in IT delivery or cybersecurity engineering, including experience in cybersecurity process, risk assessments, and troubleshooting of systems.
  • 1 year – Experience working with cybersecurity and technology, with experience in endpoint security, network security, risk management, and/or application security. Significant experience performing vulnerability assessments and/or remediating security vulnerabilities, and developing security capabilities.
  • Cybersecurity Acumen – Knowledge of cybersecurity design and architecture (application, data, and technical) with understanding of how systems and processes work together as aligned to business and IT imperatives.
  • Technical Writing – The ability to communicate effectively in writing and produce high-quality reports for senior leadership.
  • Cybersecurity Engineering – Ability to deliver holistic support to secure systems, identifying threats and vulnerabilities in systems and applications, creating security applications and solutions, designing for resiliency and security to enhance security capabilities protecting data from theft, compromise or attack.
  • Cybersecurity Risk Assessment – Ability to evaluate existing systems and solutions for security risk and vulnerabilities, designing solutions and systems that provide quality and traceability of risk data and analytics to inform security recommendations.
  • Network Security Skills – Ability to deliver network security services through preventing unauthorized access to network resources (data and voice systems), managing network security related incidents and providing on-going services to maintain network security operations functions (firewall, DNZ, corporate LANs, etc.).
  • Identity and Access Management – Knowledge related to design and delivery of solutions for establishing user, applications and device credentials and processes for applying those credentials to access enterprise systems and applications.
  • Development Languages – Knowledge and understanding of one or more IT programming languages and database architectures, and ability to write code and develop applications using those languages.

Preferred Qualifications:

  • 3 years – Experience with National Institute of Standards and Technology (NIIST) Cybersecurity Framework (CSF) or Risk Management Framework (RMF) such NIST 800-53.
  • 1 year – Experience with hands-on development and programming of software and systems.
  • CompTIA Security+, Global Information Assurance Certification (GIAC) or GIAC Security Essentials (GSEC).
  • Cybersecurity Engineering – Ability to deliver holistic support to secure systems, identifying threats and vulnerabilities in systems and applications, creating security applications and solutions, designing for resiliency and security to enhance security capabilities protecting data from theft, compromise or attack.
  • DevSecOps Practices – Strong understanding of automation and security concepts and processes (e.g., test automation, code coverage, DevSecOps, Continuous Integration / Continuous Delivery (CI/CD) pipelines, etc.), and ability to drive the integration of development, operations, and security into enterprise software development.
  • Software Delivery Frameworks – Strong knowledge of delivery frameworks such as Agile Scrum, Kanban, and/or Software Development Lifecycle (SDLC); proven ability executing projects in a collaborative, fast paced environment.
  • IT Service Management – Ability to manage IT services lifecycle (service strategy, design, transition, operation, continuous service improvement) and use DevOps methodology and tools to analyze results.

 

  • May require 24/7 response availability.

 

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.

Menu