Cyber Security Analyst

At ERCOT, our diverse and dynamic work environment provides a platform on which employees can work together to build the future of the Texas power grid and wholesale market utilizing the latest technologies and resources. We encourage you to join our talented, dedicated workforce to develop world-class solutions for today and tomorrow’s energy challenges while learning new skills and growing your career. ERCOT is committed to fostering inclusion at all levels of our company. It is the cornerstone of our corporate values of accountability, leadership, innovation, trust, and expertise. We know that individuals with a wide variety of talents, ideas, and experiences propel the innovation that drives our success. An inclusive and diverse workforce strengthens us and allows for a collaborative environment to solve the challenges that face our industry today and in the future. JOB SUMMARY Provides support in solving all phases of a large and complex Critical Infrastructure Security (CIS) program. Provides a full range of analytic duties using knowledge of multidisciplinary security concepts, principles and practices applicable to security administration. Responds to, and reports on, IT security incidents, providing initial assessment of impact severity and types of incidents being addressed. Performs periodic operating system and application security assessments of simple-to-moderate complexity and review for evidence of vulnerability or compromise and assisting with the implementation of resolution. Monitors computing resources for evidence of compromise and report security incidents. JOB DUTIES Level 2: Implements, monitors and maintains preventive and detective controls Monitors computing resources for evidence of compromise and report security incidents Analyzes compromised computing resources of routine to moderate complexity, to assist in improving security design and policy compliance, and to understand and document new threat profiles Develops and implements mitigation strategies for threat reduction based on monitoring of IT systems Researches, analyzes, designs, tests and implements new or vendor supplied security software solutions Provides up to date documentation and procedures on security software product administration Assists in the development of technical security standards to support policies, including creating, coordinating and monitoring standards and incident investigation procedures Works as a member of the Incident Response Team and perform analysis of security breaches Studies and grows current knowledge of security issues Supports the development, documentation, deployment, review and maintenance of information security policies Communicates information security requirements and principle Ensures compliance with security related regulatory and corporate requirements Uses software tools to gather system configuration information and vulnerabilities Promotes and delivers security-related material promoting security awareness. Maintains current knowledge of security trends, vulnerabilities, threats, and mitigation methods Produces and presents compelling security-related training content Creates and consistently delivers awareness material promoting security awareness Senior Level: All of the above tasks, and Implements, monitors and maintains preventive and detective controls Monitors computing resources for evidence of compromise and report security incidents Analyzes compromised computing resources of routine to moderate complexity, to assist in improving security design and policy compliance, and to understand and document new threat profiles Develops and implements mitigation strategies for threat reduction based on monitoring of IT systems Researches, analyzes, designs, tests and implements new or vendor supplied security software solutions Provides up to date documentation and procedures on security software product administration Assists in the development of technical security standards to support policies, including creating, coordinating and monitoring standards and incident investigation procedures Works as a member of the Incident Response Team and perform analysis of security breaches Studies and grows current knowledge of security issues Supports the development, documentation, deployment, review and maintenance of information security policies Communicates information security requirements and principle Ensures compliance with security related regulatory and corporate requirements Designs cyber security monitoring program, including technologies and processes Investigates and analyzes computing resources for evidence of compromise and reports security incidents Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates, and maintains and documents security controls Functions as a member in the security group’s Incident Response Team Analyzes complex compromised computing resources to improve security design and policy compliance, and to anticipate and prevent new threat profiles Develops and defends new technical security standards to support policies, including creating, coordinating and monitoring standards and incident investigation procedures Performs periodic and complex operating system and application security assessments to determine the likelihood of vulnerability or compromise, and prepares possible resolutions for implementation Analyzes security breaches Expands expert knowledge of security issues Reports issues to the department personnel responsible for the resource Serves as a mentor for junior security teammates EXPERIENCE Level 2 Requirements: Minimum of two years (in excess of degree requirements stated above) of progressively responsible experience in IT analysis or IT security administration. Senior Level Requirements: Requires minimum 5 years related work experience in excess of degree requirements EDUCATION Bachelor's Degree : Cyber Security, Computer Science, MIS, or related discipline (Preferred) or a combination of education and experience that provides equivalent knowledge to a major in such fields is required CERTIFICATIONS CISSP Certified Information Systems Security Professional (Preferred) Other Preferred Certs: Security+, GSEC, GCIH, GCIA and or GREM Physical work location is Taylor, TX with a hybrid schedule of 2 days per week. The foregoing description reflects the minimum qualifications and the essential functions of the position that must be performed proficiently with or without reasonable accommodation for individuals with disabilities. It is not an exhaustive list of the duties expected to be performed, and management may, at its discretion, revise or require that other or different tasks be performed as assigned. This job description is not intended to create a contract of employment with ERCOT. Both ERCOT and the employee may exercise their employment-at-will rights at any time. #LI-DN ERCOT is firmly committed to equal employment for all qualified persons without regard to race, sex, medical condition, religion, age, creed, national origin, citizenship status, marital status, sexual orientation, physical or mental disability, ancestry, veteran status, genetic information or any other protected category under federal, state or local law. Expected Salary Range: $90,000 - $124,000 The Electric Reliability Council of Texas (ERCOT) manages the flow of electric power to 27 million Texas customers - representing about 90 percent of the state's electric load. As the independent system operator for the region, ERCOT schedules power on an electric grid that connects more than 54,100 miles of transmission lines and 1,250 generating units. ERCOT also performs financial settlement for the competitive wholesale bulk-power market and administers retail switching for 8 million premises in competitive choice areas. ERCOT is a membership-based 501(c)(4) nonprofit corporation, governed by a board of directors and subject to oversight by the Public Utility Commission of Texas and the Texas Legislature. ERCOT's members include consumers, cooperatives, generators, power marketers, retail electric providers, investor-owned electric utilities (transmission and distribution providers,) and municipal-owned electric utilities. ERCOT offers an excellent benefits package, which includes health, dental, vision, life insurance, long/short-term disability insurance, long-term care insurance, Section 125 Flexible Spending Account, and a Retirement Savings Plan. The medical, dental, vision, and quality-of-life benefits offered by ERCOT are second to none. Full-time employees are eligible to enroll in benefits on the first of the month following the date of hire. Additionally, 401(k) plans are available to help employees plan for the future. The ERCOT Internship Program provides college students the opportunity to develop their skills in a professional work environment. Each intern will receive unique projects and assignments that aim to solve real challenges facing the electric industry. ERCOT internships provide professional learning experiences that offer meaningful, practical work related to each student's desired career path. Eligible candidates should be enrolled in an academic bachelors or post graduate degree program maintaining a GPA of 3.0 or higher. The ERCOT Engineer Development Program (EDP) is a 12- to 16-month, self-paced program geared toward entry-level engineers looking to start a career in the power industry. Through the program, an EDP Engineer receives one-on-one mentoring, specialized training, and exposure to the work performed by each of the engineering groups at ERCOT. The program allows engineers to develop the fundamental skills necessary to reach their full potential while gaining an understanding of the types of engineering work ERCOT has to offer. EDP management supports participants each step of the way as they progress through the program. Upon completion, graduates are placed as full-time engineers within one of ERCOT’s engineering groups. The GMS Development Program (GDP) is designed to provide entry-level and early career professionals with the skills necessary to become successful Power System and Computer Engineers. The program, which is based in ERCOT’s Grid and Market Solutions (GMS) Department, will provide experience in day-to-day work and instruction in the fundamentals of electric power systems engineering, grid and market applications, software programming, and IT service and operations management. The GDP offers one-on-one mentoring, training, field trips, and special assignments. These assignments allow GDP engineers to become knowledgeable and familiar with the various business areas at ERCOT. The GMS leadership team prepares GDP engineers for a future career at ERCOT in power systems and computer engineering. The System Operator Development Program (ODP) is intended to combine real-time daily operations in an exciting work setting to prepare participants with the vital skills necessary to be successful in such a critical position — providing 24x7x365 on-demand support to manage the flow of electric power to more than 26 million Texas customers. If you are new to the industry, this program introduces you to the Bulk Electric System by combining introductory courses with the NERC Certification Exam Preparation Program in preparation to pass the NERC Certification Exam.