Natural Rural Electric Cooperative Engineer, Cyber Security in Arlington, Virginia
Provides expert research, support and guidance to other architects, developers, technical staff and business owners to ensure that NRECA adequately safeguards its data and information systems based upon a detailed technical understanding across multiple security domains. Creates and implements, in collaboration within IT and with business areas, a foundation and framework of Information Security infrastructures, processes, methods and standards. Works as subject matter expert to all information technology teams on vulnerability management, threat management and application security, and contributes to any project requiring complex cyber security support.
Essential Duties and Responsibilities:
Conducts security vulnerability assessments using tools such as Tenable Nessus or IBM AppScan to evaluate attack vectors, identifies vulnerabilities and collaborates with team leads to develop remediation plans.
Participates in the building of tools and automation that enable operational efficiency for security services defined by the information security program using Shell Scripting, Python and Windows PowerShell.
Builds and maintains dashboards that present actionable vulnerability data to IT teams and IT leadership in an intuitive manner.
Builds and delivers reports for IT staff and leadership for the tracking of vulnerability remediation SLAs and NRECA’s current threat landscape.
Performs risk assessments, leveraging vulnerability data to determine business risk.
Maintains technology infrastructure used to deliver vulnerability scanning and web application assessment capabilities.
Assists with the build out and maintenance of infrastructure utilized for Red Team engagements.
Performs network and web application penetration testing and assists with remediation of identified vulnerabilities.
Performs validation testing of security vulnerabilities that have been remediated and evidences the results for closure.
Utilizes dynamic and static code analysis tools to assist application teams in applying application security best practices.
Performs periodic threat modeling to help improve enterprise security posture.
Effectively communicates findings and strategies to client stakeholders including technical staff, executive leadership, and legal counsel.
Maintains ongoing proficiency in network and application exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities and network security.
Assists in applying security controls (PCI-DSS, SOX, HIPAA, ISO, CSC) as well as web application security topics such as OWASP Top 10, CWE Top 25, and authentication infrastructure (SAML, OAuth).
Works closely with business and Information Technology Units to identify and understand applicable security requirements that relate to business and regulatory drivers.
Responsible for the proper security and disposal of any confidential information that he or she may possess in the course of performing this position’s job duties, in accordance with NRECA’s Personnel & Administrative Policy and HIPAA Privacy and Security Policies & Procedures Manuals.
Direct Reports to this Position: