LosAngelesRecruiter Since 2001
the smart solution for Los Angeles jobs

DevSecOps / Sr Domain Engineer - Cybersecurity

Company: SoCalGas
Location: Los Angeles
Posted on: November 23, 2021

Job Description:

Primary PurposeThe Senior Domain Engineer - Cybersecurity runs cybersecurity capabilities with emphasis on detecting, responding and preventing cybersecurity incidents within the organization. Assesses risk and identifies mitigations. As a specialist in security techniques, provides visibility across the enterprise technology landscape to identify, assess and recommend risk mitigation tasks. Handles complex long-term initiatives in area of expertise, collaborating with multiple teams and stakeholders to developimproved cybersecurity technology and processes with a focus on continuous improvement.Responsibilities:

  • Identifies and prioritizes enterprise level cybersecurity threats and risks with leadership, monitoring operational tools in order to reduce risks and vulnerabilities to the enterprise. Designs and evaluates related cybersecurity technology and technology tools according to delivery framework for business critical functional areas, to remediate cybersecurity risk. Ensures cybersecurity presence throughout development life cycles, supporting product teams with operational oversight and cybersecurity engineering consulting. Leverages DevSecOps expertise to enhance continuous monitoring by integrating security practices with product teams. Creates processes and templates for cybersecurity related implementations, focused on risk mitigation. Creates and maintains appropriate documentation for cybersecurity initiatives
  • Evaluates current state processes and drives selection of cybersecurity technology (systems, platforms, or networks) with an emphasis on automation to enable strategic capabilities. Analyzes new technology to identify and mitigate risks, leading efforts to define recommendations for security optimization. Proactively develops new security engineering capabilities that align with business needs, enterprise controls, and overall risk strategy. Develops procedures, processes and guidelines for implementing security controls, and technical assessments while co-creating with engineering and architecture teams for greater alignment. Provides insights for delivery teams to support adherence to operating company standards and policies. Provides expertise for system, platform or network cybersecurity enhancements for delivery teams to support greater risk mitigation.
  • Participates in analysis, diagnosis and assessment of cybersecurity related capabilities (systems, platforms, or networks), ensuring adequate performance, risk management, and capacity management. Conducts maintenance support for cybersecurity applications and related technology tools.
  • Delivers work in accordance with an agile mindset. Agile is a methodology supporting new ways of working emphasizing incremental delivery, value prioritization, often using scrum process. Assists in incremental value creation and business agility, adopting scrum or kanban methodologies as appropriate to their team. Kanban and scrum are frameworks used for organizing work in an agile way, focused on managing the flow of knowledge and operational work and driving continuous improvement for a team. Mentors less experienced technology staff on cybersecurity knowledge best practices, procedures, and processes.
  • Performs other duties as assigned (no more than 5% of duties).Education:Bachelor's Degree Information Systems, Software Engineering, Computer Science, related field or equivalent training and/or experience. RequiredExperience:
    • 5 years - Progressive experience working within IT and/or enterprise cybersecurity with experience in cybersecurity process, risk assessments, and troubleshooting of systems. Required
    • 3 years- Experience working with cybersecurity and technology, with experience in endpoint security, network security, risk management, and/or application security. Significant experience performing vulnerability assessments and/or remediating security vulnerabilities, and developing security capabilities. Required
    • 5- Experience with National Institute of Standards and Technology (NIIST) Cybersecurity Framework (CSF) or Risk Management Framework (RMF) such NIST 800-53. Preferred
    • 3 years- Experience with hands-on development and programming of software and system Preferred
    • Experience with Operations Technology (OT)/Industrial Control Systems (ICS) such as securing Supervisory Control And Data Acquisition (SCADA), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Intelligent Electric Devices (IEDs), and Human Machine Interfaces (HMIs). Preferred
    • Experience with DevSecOps Practices Continuous Integration / Continuous Delivery (CI/CD) pipelines, etc.), and ability to drive the integration of development, operations, and security into enterprise software development- PreferredSkills and Abilities:
      • Cybersecurity Acumen - Knowledge of cybersecurity design and architecture (application, data, and technical) with understanding of how systems and processes work together as aligned to business and IT imperatives Advanced
      • Cybersecurity Engineering - Ability to deliver holistic support to secure systems, identifying threats and vulnerabilities in systems and applications, creating security applications and solutions, designing for resiliency and security to enhance security capabilities protecting data from theft, compromise or attack. Advanced
      • Cybersecurity Risk Assessment - Ability to evaluate existing systems and solutions for security risk and vulnerabilities, designing solutions and systems that provide quality and traceability of risk data and analytics to inform security recommendations. Advanced
      • Application Security - Ability to define and operate secure application programs, as well as perform security reviews and tests of applications to meet security and compliance requirements while minimizing the risks of losses through exploitable security defects in applications. Intermediate Vulnerability Management - Ability to perform security reviews and tests to meet security and compliance requirements while effectively minimizing the risks of losses through exploitable security vulnerability. Intermediate
      • Network Security Skills - Ability to deliver network security services through preventing unauthorized access to network resources (data and voice systems), managing network security related incidents and providing ongoing services to maintain network security operations functions (firewall, DNZ, corporate LANs, etc.). Intermediate
      • Identity and Access Management - Knowledge related to design and delivery of solutions for establishing user, applications and device credentials and processes for applying those credentials to access enterprise systems and applications. Intermediate
      • Development Languages - Knowledge and understanding of one or more IT programming languages and database architectures, and ability to write code and develop applications using those languages. Intermediate Preferred:
      • DevSecOps Practices - Strong understanding of automation and security concepts and processes (e.g., test automation, code coverage, DevSecOps, Continuous Integration / Continuous Delivery (CI/CD) pipelines, etc.), and ability to drive the integration of development, operations, and security into enterprise software development. Intermediate
      • Software Delivery Frameworks - Strong knowledge of delivery frameworks such as Agile Scrum, Kanban, and/or Software Development Lifecycle (SDLC); proven ability executing projects in a collaborative, fast paced environment. Intermediate
      • IT Service Management - Ability to manage IT services lifecycle (service strategy, design, transition, operation, continuous service improvement) and use DevOps methodology and tools to analyze results IntermediateInternal/ External VerbiageNOTE: This position can be filled at a different level based on the final scope of job responsibilities and job requirements.Southern California Gas Company is an EEO/AA EmployerEqual Opportunity Employer Minorities/Women/Protected Veterans/Disabled

Keywords: SoCalGas, Los Angeles , DevSecOps / Sr Domain Engineer - Cybersecurity, Engineering , Los Angeles, California

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest California jobs by following @recnetCA on Twitter!

Los Angeles RSS job feeds