IT Security Engineer II or III

Equal Opportunity Employer/Veterans/Disabled

As of January 1 2023 Benton PUD will be including a full wage scale or salary range for positions under the salary section shown per the Engrossed Substitute Senate Bill 5761 that amends portions of the Equal Pay and Opportunity Act. Please see the target hiring range for this position under the Position Purpose/Summary section.

Protect Critical Infrastructure. Defend What Matters.
Full-Time Exempt Mid to Senior Level Growth Opportunity

Cyber threats are evolving. Critical infrastructure is increasingly targeted. At Benton PUD security isnt just an IT function its a public trust.

We are looking for a highly motivated technically elite IT Security Engineer who is passionate about cybersecurity IT/OT environments network architecture and physical security systems. This is a leadership-level role responsible for safeguarding essential services that power and support our community.

This is more than a job its a work alongside professionals who care deeply about protecting essential services and strengthening infrastructure that thousands rely on every day.

If youre a security professional who thrives on challenge takes ownership of risk mitigation and wants to help keep Benton PUD safe from emerging threats we encourage you to apply.

Join us. Protect what powers our community.

The primary purpose of this position is to support or lead the Districts cyber and physical security programs with a strong emphasis on Cybersecurity. This role is responsible for designing implementing and maintaining secure architectures that protect Benton PUDs IT OT and physical infrastructure. The IT Security Engineer II or III serves as a technical authority for enterprise security systems ensuring resiliency compliance and risk reduction across digital and physical environments including substations facilities networks systems and critical infrastructure; developing and carrying out information and physical security plans and policies.

1. Support the Districts mission to serve our customers and foster a positive workplace by personally choosing behavior aligned with our values and ethical code.
2. Monitor audit and execute security controls and tools to maintain network security by identifying potential security issues to include performing network security threat/impact assessments and scans recommending security measures installing and monitoring security devices and installing patches and updates as needed; lead mitigation efforts to remediate discovered security deficiencies.
3. Manage the risk of security exposure or compromise within District systems by providing awareness training on information security standards policies and best practices.
4. Participate as a key member of the Security Incident Response Team by leading investigations and incident response activities ensuring IR plan is followed and liaising with external support entities such as E-ISAC DHS PURMS etc. as appropriate.
5. Provide guidance and recommendations to ensure the security and resiliency of the converged IT/OT and physical security systems.
6. Ensure a resilient network infrastructure by supporting implementation and securing design principles in network infrastructure and helping establish and verify secure network components and secure communications channels as per design.
7. Establish and maintain logging monitoring alerting and threat-hunting capabilities across cyber and physical security platforms. Monitor and respond to notifications or indications of compromise.
8. Ensure resiliency of secure network authentication and access by supporting design and implementing appropriate encrypted communication methods.
9. Develop review and assist CISO in standards and policies for cybersecurity practices in both IT and OT environments working closely with other stakeholders and groups to build out best practices and manageable criteria for increasing security posture.
10. Oversee and technically manage enterprise physical security systems including access control systems (ACS) surveillance cameras intrusion detection duress/panic systems and emergency notification platforms.
11. Ensure the District achieves and maintains mandated compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) NERC CIP and PCI-DSS by supporting implementation of a comprehensive network security architecture and adhering to internal District security policies.
12. Perform vulnerability assessments security risk assessments system audits and penetration testing activities to test and audit existing or proposed systems networks functions or software: recommend changes in identified design gaps; and lead remediation or mitigation efforts.
13. Guide program improvement by performing annual security posture assessment and developing tasks and plans to increase posture based on findings and focus areas.
14. Respond to security threats and alerts during and after hours for the purpose of resolving immediate security concerns.
15. Oversee security-related incident reporting and response conduct after-action review direct investigations of all security-related incidents; demonstrate sound judgement in working with federal state and local law enforcement for potential criminal investigations.
16. Collaborate with internal departments utilities vendors and external agencies to enhance overall security posture and resilience.
17. Complete special projects and other duties as assigned to meet team department and organization goals.

1. Lead District efforts to achieve and maintain mandated compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) NERC CIP and PCI-DSS by designing and implementing a comprehensive network security architecture and adhering to internal District security policies.
2. Perform or lead vulnerability assessments security risk assessments system audits and penetration testing activities to test and audit existing or proposed systems networks functions or software: recommend changes in identified design gaps; and lead remediation or mitigation efforts.
3. Guide program improvement by leading annual security posture assessment and developing tasks and plans to increase posture based on findings and focus areas.
4. Lead investigations regarding suspected malware or phishing attacks and follow digital forensics best practices when handling potential evidence or sensitive information whose integrity must be maintained.
5. Respond to security threats and alerts during and after hours for the purpose of resolving immediate security concerns.

Education and Experience:
Required:

IT Security Engineer II

• BA/BS Computer Science Cyber Security or related field
• 3 to 4 years of experience in implementation theory and troubleshooting as a security engineer with a strong networking background.

• BA/BS Computer Science Cyber Security or related field
• 5 to 7 years of experience in implementation theory and troubleshooting as a security engineer with a strong networking background.

• In-depth knowledge in server operating systems (Linux Windows)
• In-depth experience with security testing (DoS XRSF XXS Brute Force)
• In-depth knowledge of a SIEM application
• In-depth knowledge of Network Management Software and Monitoring Tools
• In-depth knowledge of Data Loss Prevention Intrusion Detection and Intrusion Prevention
• In-depth knowledge of Automated security testing software
• In-depth knowledge of Forensic investigation and analysis

• Experience with network protocols and architectures (TCP/IP VLANs routing protocols DNS DHCP).
• Experience configuring maintaining and securing enterprise networking equipment and firewalls.

• Knowledge of electronic and mechanical physical security systems including access control video surveillance intrusion detection and audit logging.
• Experience integrating physical security platforms with IT and cybersecurity monitoring systems.
• Knowledge of risk vulnerability and threat assessment methodologies.

• Strong problem-solving skills to effectively research investigate and offer solutions to issues that are more complex and difficult in nature
• Good verbal and written communication skills with the ability to communicate security-related concepts to a broad range of technical and non-technical staff to include leadership
• Ability to stay current with technology and apply training and experience to real world problems
• Highly motivated and independent strategist capable of creating and implementing comprehensive security policies

• Attendance:Consistent need to attend work at the job site or work location. Frequent or constant need for punctuality.
• Physical Effort:Most all of the time is spent sitting in the same position or standing/walking or there is some requirement to lift or handle material or equipment of moderate weight (8 - 20 pounds sometimes more).
• Environment:Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
• Hazards:Most of the time is spent in general office or equivalent conditions.
• Sensory Attention:Typically requires regular use of one or more senses of medium intensity and long duration.
• Job Pressure/Deadline Orientation:Must meet reasonable deadlines quotas or demands for accuracy and/or may be involved in some mildly unpleasant situations.

Applications may be filed online at:

Questions

Contact Amber Melling via phone at or email