UNS Energy Corporation IT Security Engineer in Tucson, Arizona
UNS Energy Corporation, headquartered in Tucson, Arizona, is a subsidiary of Fortis Inc., the largest investor-owned electric and gas distribution utility in Canada. UNS Energy Corporation’s public utility subsidiaries, Tucson Electric Power Company, UNS Electric, Inc. and UNS Gas, Inc., provide electric and gas service to customers in southern and northern Arizona. For more information about UNS Energy Corporation, visit http://www.uns.com.
Tucson Electric Power provides safe, reliable electric service to approximately 414,000 customers in Southern Arizona. Although our company has been in business for more than 120 years, we continue to look for innovative ways of providing value, comfort, convenience and security to our customers every day. We’re evaluating cutting-edge energy technologies, reshaping our energy portfolio and expanding our renewable power and energy-efficiency programs. While our line of work can be challenging, it can also be rewarding. Our team of dedicated professional’s values engagement, enthusiasm, innovation and collaboration.
In return, TEP offers a competitive compensation and benefits package that includes a 401k plan with a generous company match, a company-sponsored pension plan, tuition reimbursement, life insurance, long-term disability insurance and much more.
We are currently seeking a talented individual for the position of IT Security Engineer. The successful candidate will be responsible for the architecture, design, engineering, planning, testing, and implementation of regulatory requirements and industry-wide accepted information security principles, practices, and information systems to ensure the protection of information assets processed, stored, or transmitted at UNS Energy Corporation. Evaluate the effectiveness of information security solutions and processes in place, keeping in mind the state of world events. Monitor for and identify security risks and exposures, determine the causes of security violations, assess, and implement procedures to halt future incidents. Understand and provide assistance to system users relative to information systems security matters. Participates in a team environment that provides cost-effective IT security services to the various business units. Works closely with other areas to insure optimum reliability and cohesiveness.
- Evaluate, design, implement, and support IT security systems for all data networks.
- Defines and communicates security strategy, architecture, standards, and technical requirements.
- Evaluates new and emerging security technologies, features, and products to determine their application in the protection of company information and assets.
- Documents logical architecture of the IT security systems.
- Defines and follows standards and procedures for IT security systems, their constituent devices and interfaces.
- Works closely with security operations teams, in a senior level capacity, to support design of secure infrastructure. Works with cross-functional Security Incident Response Team as needed.
- Performs security analysis, including architecture review, baselines, vulnerability assessments, and risk assessments to proactively identify security risks and exposures.
- Monitors security events across the network and ensures alerting and resolution of security issues and threats.
- Ensures change control processes are followed and service levels affected by those changes are maintained.
- Works with internal and external project managers to complete projects and efforts on time.
- Leads or participates in IT projects to provide information security expertise, guidance, or training.
- Works with internal and external auditors to implement technical aspects of regulatory/compliance/privacy controls, such as Sarbanes-Oxley, NERC CIP, HIPAA, and PCI DSS.
- Works with Human Resources and Legal to provide support for sensitive investigations or litigation holds.
Knowledge is expected in the following disciplines:
- Authentication and Access Control Tools, Management and Administration
- Anti-Virus, Spam and Malware Tools, Management and Administration
- Application Security Architecture & Cloud Computing Concepts
- Change & Security Configuration Audit and Control
- Encryption Processes, Management and Administration
- Firewall Management and Administration
- Hardware/Software Security Testing and Evaluation
- Identity and Access Management
- Intrusion Detection/Prevention
- Incident Response Practices and Procedures
- Computer Forensic Practices and Procedures
- Layer 2 and 3 routing and switching protocols (TCP/UDP, IPv4, IPv6, OSPF, etc.)
- Security Information & Event Management (SIEM) and Logging
- Scripting Languages, such as PowerShell or Python
- VOIP Technology Security
- VPN’s (Virtual Private Networks) and SSL
- Vulnerability Assessment Practices/Technology (i.e. Operating Systems, Network, Application, Database, and Web)
- Wireless Security Infrastructure
- Security Industry Standards, such as CIS, ISO, NIST & FISMA
- Regulatory Requirements of NERC CIP, SOX, HIPAA, PCI DSS and other applicable regulations
- Information Security Awareness Programs and Communications
- Information Security Policy and Standards
- Information Security Risk Assessment
- This position may provide services to affiliates of the Company subject to the UNS Energy Code of Conduct and the related Policies and Procedures.
Knowledge, Skills & Abilities
(Equivalent combination of education and experience will be considered.)
*IT Security Engineer *
*Minimum Qualifications *
- Requires industry certifications (e.g. GIAC, CISSP, CEH) or equivalent experience of seven or more years in Information Security.
- Effective written and oral communication skills are required plus a willingness to learn in a rapidly changing environment.
- Provide mentoring and guidance to junior members of the team.
- Experience leading IT security engineering projects and initiatives.
- Experience in completing projects and providing strategic direction on how the IT systems infrastructure should evolve.
- Strong ability to document engineering designs in Microsoft Visio.
- Bachelor’s degree in Information Security, Management Information Systems, Computer Science, or related field.
- Individual is considered at full proficiency in the information security field and a leader on the security team.
- Works with other IS groups to ensure the understanding and coordination of effective results.
- Ensures that information security standards and practices are understood and consistently applied.
*IT Security Engineer Senior *
*Minimum Qualifications *
- Requires all minimum qualifications for an IT Security Engineer.
- Requires self-direction and the ability to work with vendors on creating statements of work and completing that work.
- Experience leading IT security engineering projects with emphasis on project management methodologies.
- Experience in creating and managing project budgets.
- Experience in providing strategic direction on how the IT security infrastructure is engineered to meet business needs.
- Master’s degree in Information Security, Management Information Systems, Computer Science, or related field.
- Eight or more years of experience in Information Security.
- Visionary that is proficient at all required information security aspects and helps others to become more proficient.
Company: Tucson Electric Power
Location: Tucson, AZ
Job Category: Information Technology
Position Type: Unclassified