Get Into Energy Jobs

Job Information

ConEdison Senior Cybersecurity Analyst - (Red Team) IT Information Security in New York, New York

Senior Cybersecurity Analyst - (Red Team) IT Information Security

Job Info

112543

Posting Expiration Date: Jun 20, 2024

Schedule Type: Full-Time

Minimum Salary: $100000

Maximum Salary: $135000

Organization: IT Engineering & Operations

Department: Information Security

Section: IT ENG Information Security

Location: NY-New York-4 Irving Pl Headquarters

Job Description

Mission Statement

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company’s mission by excelling at our three corporate priorities – safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.

Core Responsibilities

  • Act as a senior technical resource, mentor team members, and contribute to the development of the ConEd Red Team Program.

  • With oversight from management and the lead analyst, competently perform a variety of penetration testing, red team, and social engineering assessment activities that are of comparable sophistication to real-world adversarial attacks.

  • Develop assessment strategies with key stakeholders.

  • Create accurate documentation that provides concise explanations and conveys informative descriptions of findings, including technical explanations/walkthroughs, root causes, impact, and remediation/mitigation strategies.

  • Continuously learn, improve, and hone your skills to deliver advanced assessments.

  • Develop scripts and tools to automate tedious processes and increase efficiency.

  • Stay abreast of TTPs, global security incidents, industry trends, advisories, publications, research, talks, and other relevant developments.

  • Effectively communicate technical concepts to non-technical audiences.

  • Coordinate with business owners to remediate/mitigate findings and verify changes are successful.

  • Represent the department in the company and industry with research, talks, publications, articles, posts, training, etc.

  • Assist with developing internal methodologies and process improvement for the team, including mentoring and transferring knowledge across team members.

  • Collaborate with blue teams to bolster detection and response capabilities.

Required Education/Experience

  • High School Diploma/GED and a minimum of five (5) years in information security, with a minimum of one (1) year in a red team or penetration testing role. Utility industry experience preferred; or

  • Associate's Degree and a minimum of four (4) years in information security, with a minimum of one (1) year in a red team or penetration testing role. Utility industry experience preferred; or

  • Bachelor's Degree and a minimum of three (3) years in information security, with a minimum of one (1) year in a red team or penetration testing role. Utility industry experience preferred.

Preferred Education/Experience

  • Bachelor's Degree in Information Technology, Computer Science, Math, Engineering, or business-related disciplines.

  • Master's Degree in Information Technology, Computer Science, Math, Engineering, or business-related disciplines.

Relevant Work Experience

  • Perform OSINT/Reconnaissance to identify publicly damaging information, misconfigurations, and interesting targets (Less than 2 years; Required)

  • Perform scoping, define rules of engagement, and deliver assessments from kickoff through remediation (Less than 2 years; Required)

  • Be experienced with common pentesting platforms, such as Kali Linux, as well as related tooling, such as for network analysis (e.g. nmap), vulnerability analysis (e.g. Nessus), exploitation (e.g. Metasploit), and web app pentesting (e.g. Burp Suite) (3-5 years; Required)

  • Possess a solid understanding of network architecture and design, network protocols, covert channels, encryption, and data exfiltration (3-5 years; Required)

  • Be experienced with Windows, Mac, Linux, Unix operating systems, virtualization, storage, databases, and other related systems and technologies and their respective security considerations (3-5 years; Required)

  • Possess a thorough understanding of network/systems pentesting procedures (3-5 years; Required)

  • Be able to differentiate between safe and risky/dangerous techniques (3-5 years; Required)

  • Be able to communicate to both technical and executive/business audiences (3-5 years; Required)

  • Be able to work independently and within a team (3-5 years; Required)

  • Be comfortable and effective working remotely within a distributed team (Less than 2 years; Required)

  • Coach teams to build in security by design (Less than 2 years; Required)

  • Leverage critical thinking and creativity; think outside the box and do not rely on tooling (3-5 years; Required)

  • Effectively manage large amounts of information from complex environments and applications (3-5 years; Required)

  • Possess a deep understanding of general information security concepts and defensive controls, such as risk management, governance, compliance, least privilege, network monitoring, malware protection and analysis, endpoint security, DLP, intrusion detection/prevention, and SIEM systems (3-5 years; Preferred)

  • Be familiar with assessment frameworks, such as MITRE ATT&CK, PTES, OSSTMM, OWASP Testing Guide, etc. (3-5 years; Preferred)

  • Possess a detailed understanding of systems/network hardening, secure coding practices, and mitigation/remediation strategies (Less than 2 years; Preferred)

  • Be able to perform assessment activities in a quiet/stealthy manner and circumvent security controls (Less than 2 years; Preferred)

  • Be competent with one or more scripting languages, such as Bash, PoSh, Python, Ruby, etc. (3-5 years; Preferred)

  • Be able to perform threat modeling and possess an in-depth understanding of threat and vulnerability analysis (Less than 2 years; Preferred)

  • Familiarity with several web development languages, such as Java, PHP, Ruby on Rails, C#/ASP.NET, SQL, Go, JavaScript/Node, HTML, etc. (2 years; Preferred)

  • The ability to perform exploit development/modification and reverse engineering is preferred (Preferred)

  • Be competent with wireless penetration testing procedures and wireless technologies; experience beyond 802.11 (e.g. Bluetooth, Zigbee, etc.) is preferred (Preferred)

  • Possess an understanding of physical security controls and their weaknesses (Preferred)

  • Have experience with phishing, vishing, and/or on-site/in-person social engineering (Preferred)

  • Be competent with application, mobile, and API penetration testing procedures; the ability to perform source code review is preferred (Preferred)

  • Be familiar with cloud computing concepts, cloud-native services, and DevOps (CI/CD, Kubernetes, etc.) (Preferred)

  • Experience with assessing IoT devices is preferred (Preferred)

  • Provide thought leadership within the organization and the industry (Preferred)

  • Participation in challenges and CTF events (Hack the Box, Pentester Academy Labs, etc.) is preferred (Preferred)

  • Interest in research and published CVEs are preferred (Preferred)

Skills & Ability

  • Strong written and verbal communication skills

  • Ability to drive multiple projects to successful completion

  • Develops and delivers effective presentations

Licenses & Certifications

  • Driver's License (Required)

  • Other: OSWP, OSCP, OSCE, OSEP, OSWE, OSED, OSEE, GPEN, GCIH, GPXN, GWAPT, GMOB, GAWN, GCPN, and/or similar certifications are preferred (Preferred)

Physical Demands

  • Must push, pull, lift up to 25 pounds

  • Must sit or stand to use a keyboard, mouse, and computer for entire shift

Other Physical Demands

  • Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.

  • Must be able and willing to travel within Company service territory, approximately quarterly, but also as-needed.

Technical Difficulty Statement

  • For technical issues, please contact us at [email protected]

Equal Opportunity Employer

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual’s actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.