Cyber Security Analyst II
Duluth, Minnesota
Full Time Entry-level / Junior USD 78K - 97K
ALLETE
ALLETE delivers affordable, reliable energy services in the Upper Midwest, owns a lignite mine in North Dakota and has investments in real estate and the America Transmission Co.ALLETE is headquartered in Duluth, Minnesota, on beautiful Lake Superior, and has operations throughout the United States. We invest in energy-centric businesses and transmission infrastructure. Our companies include clean-energy producers and developers, and regulated utilities that already deliver more than 50% renewable energy. Each of our businesses—Minnesota Power; Superior Water, Light & Power; ALLETE Clean Energy; New Energy Equity; ALLETE Renewable Resources; and BNI Energy—plays a unique and significant role in ALLETE’s sustainability-in-action strategy. Our culture drives excellence through our shared values of integrity, safety, people, and the planet.
ALLETE is seeking a Cyber Security Analyst II to join its Cyber Security & Compliance department to proactively and reactively defend ALLETE and its subsidiaries against evolving cyber threats. In this new position, you’ll have the exciting opportunity of first revamping the NERC-CIP-004 program, along with performing moderate ongoing maintenance on the revamped program. Outside of facilitating the NERC-CIP-004 program, this role will utilize and contribute to enterprise cyber security technologies including Application Control (AC), Endpoint Detection and Response (EDR/XDR), Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), Open-Source Intelligence (OSINT), and more! When you join ALLETE’s Cyber Security & Compliance team as a Cyber Security Analyst II, you will work closely with cross-functional teams to ensure the confidentiality, integrity, and availability of data. Additionally, you will assist in promoting security awareness and ensuring users understand and follow necessary procedures to maintain cybersecurity.
RESPONSIBILITIES:
- Enhance and sustain Minnesota Power's NERC CIP-004 program by working closely with standard owners and Subject Matter Experts (SME) to ensure compliance and continuous improvement.
- This program includes Cyber Security Awareness Training (R1 & R2), Personnel Security Risk Assessment (R3) where you’ll work with SMEs, Access Management (R4, R5, R6).
- Conduct regular assessments across systems to identify and mitigate vulnerabilities before they can be exploited.
- Perform moderately complex tasks related to the security of information systems and data under moderate direction.
- Assess, recommend, monitor, and maintain standards, guidelines, and procedures to protect information systems and data, while minimizing security risks.
- Mitigate a variety of issues by recognizing potential threats and responding to reported security breaches.
- Analyze, recommend, and apply updates to procedures and systems to enhance information systems security.
- Facilitate security awareness education and training for all users.
- Support Information Technology compliance initiatives to ensure adherence to all regulatory standards.
- Conduct research and remain informed about emerging issues and technological advancements.
- Consistently enhance understanding of the organization, its processes, and customers while developing proficiency and skills within the discipline.
REQUIRED EDUCATION:
- Bachelor’s degree is required.
- Degree in Computer Science, Management Information Systems, Business Administration, Accounting, or Communications is preferred.
- Information Security certifications are preferred but not required.
REQUIRED EXPERIENCE:
- Four years or more job-related experience is required.*
*Experience should include technical experience in compliance and security or computer system analysis and/or technical support of computer information systems.
PREFERRED EXPERINECE:
- Technical experience in cyber security, enterprise architecture, programming, IT systems administration, or another IT technical field is strongly preferred.
- Project management and technical writing experience is preferred.
- Experience with one or more of the following is desired:
- NERC CIP or other regulatory standards
- Managing technical projects and technical writing
- Cyber security frameworks (MITRE, CIS, STIG, NIST)
- Security of cloud computing resources (Azure, AWS, GCP)
- Supporting identity governance and administration (IGA) through identity and access management (IAM)/role-based access control (RBAC) solutions
- Utilizing several enterprise cyber security technologies (EPP, EDR/XDR, SIEM, SOAR, Vulnerability Scanning and Management, Application Control, etc.)
- Windows and Linux OS architecture and security
- Operational technology (RTUs, HMIs, PLCs) and their security
- Image and container security
- Modern DevSecOps practices to support software and infrastructure lifecycles
SPECIAL REQUIREMENTS:
- This position may be considered for a hybrid work arrangement based on ALLETE’s needs. A Hybrid work arrangement means the employee's position will be a blend of work performed both in-person and at an offsite location such as an employee's home office. This position will report to Duluth, MN.
- This position is subject to NERC CIP (North American Electric Reliability Corporation - Critical Infrastructure Protection) standards.
- Strong interpersonal and communication skills required to establish and maintain positive working relationships.
- This position may be subject to assessment of skills, job match and/or aptitude.
BENEFITS:
- The expected annual compensation range for this position is $78,000 – $97,000. Compensation offered to the selected candidate will vary depending on relevant knowledge, skills, training, experience, and market conditions. Additionally, this position qualifies for a comprehensive benefits package, including an Incentive Program, Retirement Benefits, Medical, Dental & Vision Plans, Health Savings Account, Flexible Spending Account, Life Insurance, Disability, Tuition Reimbursement, Voluntary Benefits, Paid Absences, and more.
Employer will not sponsor Visas for position.
External applicants must apply online via www.allete.com/careers.
This job posting will be available for application until the position has been filled OR the posting close date noted herein, whichever date is earlier.
ALLETE is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, among other things, or status as a qualified individual with disability.
If you are an individual with disabilities who needs accommodation or you are having difficulty using our website to apply for employment, please contact our Human Resources department at 218-723-7553.
EEO/AA/F/M/Vet/Disabled
Tags: Automation AWS Azure Cloud Compliance Computer Science DevSecOps EDR GCP Governance IAM Linux NERC CIP NIST OSINT Risk assessment SIEM SOAR Strategy Vulnerabilities Windows XDR
Perks/benefits: Equity / stock options Flex hours Flexible spending account Gear Health care Insurance
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.