Get Into Energy Jobs

Job Information

Entergy Information Security Engineer III in The Woodlands, Texas

Information Security Engineer III

Date: Jun 4, 2024

Location: The Woodlands, Texas, United States

Company: Entergy

Work Place Flexibility: Hybrid

Legal Entity: Entergy Services, LLC

* These positions may be filled in any city within Entergy's service territory, The Woodlands Tx or New Orleans LA preferred *

Brief Position Description

The OT Cyber Security team executes and/or oversees the activities required to secure Entergy’s critical systems and assets as well as meet or exceed Entergy’s commitment and obligation to the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards. This position is expected to have operational experience in areas of information technology, operational technology, and cyber security, with experience working in electrical power, professional auditing, and risk-based compliance processes preferred. Engineers are accountable to perform daily assigned activities, escalate issues identified while performing daily activities, and identification and implementation of process improvement opportunities, while ensuring Entergy can demonstrate compliance with the NERC CIP requirements.

Key responsibilities include:

  • Ensure OT cyber assets meet or exceed regulatory requirements and industry best practices

  • For OT environments, responsible for ensuring security and compliance with relevant regulatory compliance requirements (e.g. North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP), etc. Including but not limited to:

  • Configuration Baselines and monitoring

  • Electronic Security Perimeters (ESP)

  • Asset inventory and classification

  • Commissioning new assets including substations, control centers, data centers

  • Security monitoring, logging, and alerting

  • Malware prevention and vulnerability management

  • Transient cyber asset protections

  • Security Patch Management

  • Daily reconciliation of configuration baseline changes against change authorizations to detect unauthorized deviations.

  • Level I triage of detected cybersecurity logging failures. Collaborate with asset owners/stakeholders regarding cyber assets that have failed logging.

  • Maintenance of cyber asset inventory information for accuracy.

  • Facilitate change management reviews, task completion, and evidence corresponding work.

  • Monitor systems for non-compliance with standards and escalate to appropriate members of leadership.

  • Support change management initiatives and weekly activities, including security assessments and Change Advisory Board review and approvals

  • Participate in disaster recovery planning, preparation and testing.

  • Support other departmental initiatives such as vulnerability assessments, penetration testing, internal assessments/tiger teams, or as stakeholders in other teams capital projects

  • Be an active member in preparation for required audits

  • Participate in audit interviews as directed by leadership

  • Identify and Implement improvement opportunities including automation, tool configuration, and process changes.

  • Support department projects, such as new hardware deployments, software upgrades, capability enhancements, etc.

  • Expand services provided as directed by leadership.

  • Other duties as required

Education Needed

  • Degree: Bachelor’s degree preferred

  • Certification/License: Cybersecurity certification preferred (e.g. CISSP, CISA, CRISC, etc.)

Experiences Needed

  • Minimum Years of Experience: 5+ 2+ years of technical experience in data collection and analysis.

  • 2+ years of experience in Cyber Security; preferred domains include Baseline Configuration Monitoring, Backup & Recovery, Change Management Oversight, Reuse & Disposal, NERC CIP, NIST CSF, Security Controls planning and/or auditing, security monitoring and analysis.

  • Experience with OT environments preferred.

  • Communication Skills: Excellent

Base Competencies:

  • Expert knowledge of PC, presentation, word processing and analytical software

  • Strong data collection and analysis skills

  • Strong ability to work in cross-functional teams

  • Strong problem solving skills

  • Experience working in an on-call team rotation preferred

  • Strong organizational and time management skills

  • Strong understanding of regulatory and compliance requirements; NERC CIP and/or SOX preferred

  • Expert understanding of cyber security principles

  • Strong skills and experience in cyber security technical competencies (e.g. security tools, processes, etc.)

  • Continuous Improvement mindset. Can develop or proposes automation and/or process improvement, when directed, to improve efficiencies.

Job Specific Experiences/Competencies Desired:

  • Deep understanding of configuration monitoring tools and processes (e.g. Tripwire, Industrial Defender, etc.)

  • Understanding of NERC CIP Standards

  • Understanding of security impacts of other regulations (NRC 10 CFR 73.54, SOX, HIPAA, etc.)

  • Knowledge of security, risk, and control frameworks, standards, and best practices such as ISO 27001 and 27002, SANS-CAG, ITIL, NIST CSF, NIST 800-53, C2M2, etc.)

  • Understanding of multiple cyber security domains, such as:

  • Asset, Change, and Configuration Management

  • Threat and Vulnerability Management

  • Risk Management

  • Identity and Access Management

  • Situational Awareness

  • Incident Response and Continuity of Operations

  • Third-Party Risk Management

  • Cybersecurity Architecture

  • Cybersecurity Program Management

  • Understanding of SIEM, vulnerability detection/management, and malicious software prevention technologies such as Splunk, Tripwire, Symantec, BeyondTrust, Dragos, Nessus, Qualys, etc.

  • Knowledge of multiple OS and platforms (e.g. Windows, Linux, UNIX, Cisco iOS, Checkpoint GAIA, etc.)

  • Understanding of current cyber security trends and best practices in technology, as well as monitoring best practices and tools

  • Hands-on technical engineering and process management skills and the ability to advocate positive transformation within the broader information technology organization

  • Knowledge with scripting languages such as Perl or Python

  • Experience working with outsourced teams

  • Ability to work effectively with team members and with customers

  • Strong organizational and time management skills

  • Commitment to customer service with strong oral and written communication skills

  • Available to travel up to 25%

  • Self-motivated, with ability to manage and follow-up on multiple tasks simultaneously.

  • Capable of meeting deadlines

#LI-SB1

#LI-HYBRID

Primary Location: Texas-The Woodlands Arkansas : Little Rock || Louisiana : New Orleans || Mississippi : Jackson || Texas : The Woodlands

Job Function : Information Technology

FLSA Status : Professional

Relocation Option: No Relocation Offered

Union description/code : NON BARGAINING UNIT

Number of Openings : 1

Req ID: 114935

Travel Percentage :Up to 25%

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please clickhere (https://jobs.entergy.com/content/EEO/?locale=en_US) to view the EEI page, or see statements below.

EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.

Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here (humanr@entergy.com?subject=Accessibility) and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.

Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Entergy Pay Transparency Policy Statement: The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information. 41 CFR 60-1.35(c). Equal Opportunity (https://www.dol.gov/agencies/ofccp/manual/fccm/2l-equal-opportunity-clauses-and-other-requirements/2l00-equal-opportunity) and Pay Transparency (https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp_%20English_formattedESQA508c.pdf) .

Pay Transparency Notice:

Pay Transparency Nondiscrimination Provision (dol.gov) (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)

The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.

WORKING CONDITIONS:

As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.

Job Segment: Cyber Security, Information Security, Compliance, Testing, Risk Management, Security, Technology, Legal, Finance

DirectEmployers