LosAngelesRecruiter Since 2001
the smart solution for Los Angeles jobs

DevSecOps Domain Engineer III Cybersecurity Engineering

Company: SoCalGas
Location: Los Angeles
Posted on: January 16, 2022

Job Description:

The Domain Engineer III - Cybersecurity supports cybersecurity capabilities with emphasis on detecting and reducing risk within organization. Identifies and mitigates risks in technology systems. As a specialist in security techniques, provides visibility across enterprise technology landscape to identify, assess and recommend risk mitigation tasks.

Responsibilities:

  • Identifies enterprise-level cybersecurity threats and risks with teams monitoring operational tools in order to reduce risks and vulnerabilities to enterprise. Supports design and evaluating cybersecurity technology and technology tools according to delivery framework for business-critical functional areas, providing expertise and insight to mitigate cybersecurity risk and propose controls. Supports product teams with operational oversight and cybersecurity engineering consulting. Contributes to development of relevant applications and systems. Mitigates risk by integrating cybersecurity earlier in development lifecycle, embracing a continuous monitoring approach in parallel with product teams. Writes documentation for implementations of cybersecurity systems or technology, documenting process and contributing to reports on potential enhancements and proposed controls.
  • Evaluates needed technical capabilities and assists in selection of cybersecurity technology (systems, platforms, or networks) with an emphasis on automation to enable strategic capabilities, including risk assessments and process reviews. A capability is a function or service primarily focused on setting enterprise standards or directions and/or running reliable business as usual operations (e.g. a cross[1]product team such as Quality Assurance or Compliance). Contributes to recommendations to mitigate identified risks. Consults with other teams to provide cybersecurity input regarding system, platform or network enhancements for greater risk mitigation. Partners with other engineers and architects to document cybersecurity impacts are meet performance needs. Provides insights for delivery teams to support adherence to operating company standards and policies.
  • Performs analysis and assessment of cybersecurity related capabilities, ensuring adequate performance, risk assessment, and capacity management. Supports maintenance of cybersecurity systems and related technology tools.
  • Delivers work in accordance with an agile mindset (a mentality supporting new ways of working emphasizing incremental delivery, value prioritization, often using scrum process). Assists in incremental value creation and business agility, adopting scrum or kanban methodologies as appropriate to their team. Kanban and scrum are frameworks used for organizing work in an agile way, focused on managing the flow of knowledge and operational work and driving continuous improvement for a team.
  • Performs other duties as assigned (no more than 5% of duties).Requirements:
    Bachelor's Degree Information Systems, Software Engineering, Computer Science, related field or equivalent training and/or experience. Required

    4 years - Progressive experience working within IT and/or enterprise cybersecurity with experience in cybersecurity process, risk assessments, and troubleshooting of systems. Required

    2 years - Experience working with cybersecurity and technology, with experience in endpoint security, network security, risk management, and/or application security. Significant experience performing vulnerability assessments and/or remediating security vulnerabilities, and developing security capabilities. Required

    4 years - Experience with National Institute of Standards and Technology (NIIST) Cybersecurity Framework (CSF) or Risk Management Framework (RMF) such NIST 800-53 Preferred

    2 years - Experience with hands-on development and programming of software and systems. Preferred

    Knowledge, Skills and Abilities:
    Required: Cybersecurity Acumen - Knowledge of cybersecurity design and architecture (application, data, and technical) with understanding of how systems and processes work together as aligned to business and IT imperatives Intermediate

    Cybersecurity Engineering - Ability to deliver holistic support to secure systems, identifying threats and vulnerabilities in systems and applications, creating security applications and solutions, designing for resiliency and security to enhance security capabilities protecting data from theft, compromise or attack. Intermediate

    Cybersecurity Risk Assessment - Ability to evaluate existing systems and solutions for security risk and vulnerabilities, designing solutions and systems that provide quality and traceability of risk data and analytics to inform security recommendations. Intermediate

    Application Security - Ability to define and operate secure application programs, as well as perform security reviews and tests of applications to meet security and compliance requirements while minimizing the risks of losses through exploitable security defects in applications. Beginner

    Vulnerability Management - Ability to perform security reviews and tests to meet security and compliance requirements while effectively minimizing the risks of losses through exploitable security vulnerability. Beginner

    DevSecOps Practices - Strong understanding of automation and security concepts and processes (e.g., test automation, code coverage, DevSecOps, Continuous Integration / Continuous Delivery (CI/CD) pipelines, etc.), and ability to drive the integration of development, operations, and security into enterprise software development. Beginner

    Identity and Access Management - Knowledge related to design and delivery of solutions for establishing user, applications and device credentials and processes for applying those credentials to access enterprise systems and applications. Beginner

    Network Security Skills - Ability to deliver network security services through preventing unauthorized access to network resources (data and voice systems), managing network security related incidents and providing on[1]going services to maintain network security operations functions (firewall, DNZ, corporate LANs, etc.). Beginner

    Knowledge, Skills and Abilities Description Proficiency Development Languages - Knowledge and understanding of one or more IT programming languages and database architectures, and ability to write code and develop applications using those languages. Intermediate

    Preferred: Software Delivery Frameworks - Strong knowledge of delivery frameworks such as Agile Scrum, Kanban, and/or Software Development Lifecycle (SDLC); proven ability executing projects in a collaborative, fast paced environment. Intermediate

    IT Service Management - Ability to manage IT services lifecycle (service strategy, design, transition, operation, continuous service improvement) and use DevOps methodology and tools to analyze results Intermediate

    Licenses and Certifications: CompTIA Security+, Global Information Assurance Certification (GIAC) or GIAC Security Essentials (GSEC) Preferred

    Other Qualifications:
    May require work outside of normal business hours and/or 24/7 response availability for system and application maintenance, enhancements, production releases and/or operational emergencies.

    Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled

Keywords: SoCalGas, Los Angeles , DevSecOps Domain Engineer III Cybersecurity Engineering, Engineering , Los Angeles, California

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Get the latest California jobs by following @recnetCA on Twitter!

Los Angeles RSS job feeds