Portland General Electric Cyber Security Operations Analyst / Senior Cyber Security Operations Analyst – Vulnerability Management in Portland, Oregon
This is an exciting time to join Portland General Electric. As Oregon’s largest electric utility, Portland General Electric is leading an energy transformation that will harness the power of clean and renewable resources. Our vision for a clean energy future relies on three interrelated and overarching strategies: de-carbonize through investing in clean and reliable energy; modernize through a smarter more resilient grid; and empower our customers in their energy technology choices.
We’re searching for innovative, customer and results-obsessed leaders to help power our mission and lead the way in championing the world’s clean energy future!
This role is posted at two levels.
Cyber Security Operations Analyst / Senior Cyber Security Operations Analyst – Vulnerability Management
In this role, you will have the unique opportunity to join our Cyber Security Team!
You will be part of the team that is responsible for enterprise security vulnerability management. This role will include: tool implementation, monitoring, security controls testing & assessments, configuration management. You will implement and analyze enterprise vulnerability activities required for security mitigation. You may have responsibility for adherence to corporate cyber security program, so we continue to mature our security program.
Cyber Security Operations Analyst
Information Security - Performs security risk, vulnerability assessments and business impact analysis for medium complexity information systems. Explains the purpose of and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls. Investigates suspected attacks and manages security incidents. Uses forensics where appropriate.
Incident Response - Responds to and records security breaches and action taken. Identifies registers and categorizes incidents. Gathers information to enable incident resolution and promptly allocates incidents as appropriate. Maintains records and advises relevant persons of actions taken.
IT Architecture - Provides technical expertise to enable the correct application of operational procedures. Uses network and security management tools to determine network load and performance statistics. Contributes to planning and implementing maintenance and installation work. Implements agreed network and security changes and maintenance routines. Identifies operational problems and contributes to their resolution, checking that they are managed in accordance with agreed standards and procedures. Provides reports and proposals for improvement to analysts, users and managers.
Applications Support - Identifies and resolves issues with applications. Uses application management software and tools to collect agreed performance statistics. Carries out agreed application maintenance tasks
Critical Infrastructure Compliance - Drafts and maintains procedures for compliance with relevant legislation. Maintains an inventory of information assets, which are subject to relevant legislation. Collects information and compliance documentation for submission to the relevant regulatory authorities.
Education / Experience / Certifications
Typically requires a bachelor’s degree in Cyber Security, Computer Science or other Information Technology related field or equivalent experience.
Typically, five or more years in information systems, computer programing, cyber security, information assurance/security or related field.
Preferred: GSEC/CCNA Security/GCFE
Senior Cyber Security Operations Analyst
Information Security: Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Investigates major breaches of security and recommends appropriate control improvements. Contributes to development of information security policy, standards and guidelines.
Incident Response: Investigates suspected attacks and manages security incidents. Uses forensics where appropriate. Prioritizes and diagnoses incidents according to agreed procedures. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents. Facilitates recovery, following resolution of incidents. Documents and closes resolved incidents according to agreed procedures.
IT Architecture: Leads or consults with other Cyber Security Analysts to enable the correct application of operational procedures using network and security management tools to determine network load and performance statistics. Plans and implements maintenance and installation work for network and security changes and maintenance routines. Identifies and resolves operational problems. Oversees development of reports and proposals for operational improvements.
Applications Support: Maintains application support processes and checks that all requests for support are dealt with according to agreed procedures. Uses application management software and tools to investigate issues, collect performance statistics and create reports.
Critical Infrastructure Compliance: Determines need for, drafts and maintains the standards and procedures for compliance with relevant legislation. Makes business decisions based on that information, including the need to make changes to systems. Reviews proposals for new digital initiatives and provides analyst advice on information management, including advice on and promotion of collaborative working and assessment and management of information- related risk. Creates and maintains an inventory of information assets, which are subject to relevant legislation. Prepares reviews and submits periodic compliance reports to the relevant regulatory authorities.
Requires a bachelor’s degree in Cyber Security, Computer Science or other Information Technology related field or equivalent experience.
Typically, eight or more years in information systems, computer programming, cyber security, information assurance/security or related field.
Intermediate (Mid-Level) / Advanced (Senior Level) knowledge of the following Functional Competencies:
Principles, methods and tools for assessing vulnerabilities and developing, or recommending, appropriate mitigation countermeasures.
Principles, practices, methods, technology and tools for securing personnel, facilities and information.
Forensic investigative techniques.
Surveillance and counter-surveillance techniques, policies, and laws, including overt and covert methods and electronic, optical, and video surveillance methods and tools.
Laws, rules and regulations about Critical Infrastructure Protection (CIP).
Join us today and power your potential!
To be considered for this position, please complete the following employment application by the posting close date. A cover letter may be needed with your application to be considered for this position.
PGE believes in rewarding strong performance. We provide a total compensation package that is designed to reward your contributions to the company, and, at the same time, support your well-being and professional development, both now and into the future.
PGE is committed to diversity and inclusion in the workplace and is an equal opportunity employer. PGE will not discriminate against any employee or applicant for employment based on race, color, national origin, gender, gender identity, sexual orientation, age, religion, disability, protected veteran status, or other characteristics protected by law.
Assisting with storms or other Company emergencies is a part of all positions at Portland General Electric.
Talent Acquisition Contact:
This job posting will close at 12:01 am Pacific Time on the closing date listed below:
At Portland General Electric, we’re innovators, builders, and achievers. We’re committed to powering our customers’ potential and making a difference for our community and the planet. Today, that commitment includes developing an intelligent and resilient electric grid, electrifying transportation and de-carbonizing the energy sector.
We’re proud to deliver an exceptional experience to help our customers thrive. Our mission is to make clean, reliable and affordable energy services available to all. We obsess over serving customers and are committed to growing employee career paths with purpose. Equity and inclusion are core business values; we celebrate our differences and are committed to developing teams that reflect the communities we serve.