Operational Technology Cyber Security Analyst

Requisition ID: 18887

 

Join us in building a better future for Arizona!

SRP is one of the largest public power and water utilities in the U.S. providing electricity to approximately one million customers in the greater metropolitan Phoenix area. Since its founding in 1903, SRP has fostered a culture of stewardship and customer service consistently ranking as an industry leader in customer service according to J.D. Power and named one of Arizona's best employers by Forbes. SRP continues to adapt to its changing business environment by seeking innovative ways to reimagine utility service and the provision of critical resources essential to the life and economy of Arizona.

 

Why Work at SRP

At SRP, we foster an inclusive work environment and believe everyone should have a fair chance to work, regardless of who they are. That’s why we value teams with diverse perspectives, experiences, and backgrounds to help SRP deliver on its mission of providing reliable, affordable and sustainable water and power.

 

SRP's success is rooted in our employees' happiness, health, and safety. That's why we offer a comprehensive benefits package to meet the needs of our employees and enhance their well-being. In addition to competitive pay and performance incentives, eligible employees can take advantage of the following benefits:

 

• Pension Plan (at no cost to the employee)
• 401(k) plan with employer matching
• Available your first day: Medical, vision, dental, and life insurance
• Over 200+ hours of PTO (includes vacation days, holidays, floating holidays, and sick leave)
• Parental leave (up to 4 weeks) and adoption assistance
• Wellness programs (including access to a recreation and fitness facility)
• Short and long-term disability plans
• Tuition assistance for both undergraduate and graduate programs
• 10 Employee Resource Groups for career development, community service, and networking

 

Summary

The Cyber Security Analyst will work in SRP's Security Operations Center (SOC) which is responsible for detection, response, and remediation of cyber security events across the enterprise. The Analyst will respond to security events, participate in incident response activities, and support tools used by the SOC team. This role will focus on SRP's Operational Technology environments and ensuring adequate monitoring and security controls are deployed to support detection and response objectives. Applicants should have excellent analytical, communication, and problem-solving skills.

What You'll Do

• Identify, triage, and respond to cyber security events in SRP's operational technology (OT) environments

• Analyze data from multiple sources and tools to discover anomalous and adversarial behavior

• Maintain awareness of current threat landscape utilizing threat intelligence from government and industry partners, as well as information security community resources

• Develop alerts, reports, and dashboards within the SIEM to facilitate detection and triage

• Create playbooks and procedures to support detection and response scenarios

• Advise and support implementation of security controls and new defensive capabilities

• Provide technical and NERC/CIP compliance support for OT monitoring systems

• Develop thorough understanding of relationship between IT/OT environments, business value of OT systems, and potential attack vectors in OT environments

• Interface with OT technology/security support staff on other teams, foster relationships, and develop processes for monitoring and response

• Participate in department on-call rotation to respond to after-hours events

What It Takes To Succeed

Ideal candidates should have 2+ years of experience in an Operation Technology focused role, Security Operations Center or cyber security incident response role, or 3 to 5 years of Information Technology and/or InfoSec experience.

 

The applicant should have a moderate to strong understanding of two or more of the areas listed below and have at least basic knowledge across most areas.

• SIEM technologies (Splunk experience a plus)

• Knowledge of common OT/ICS communication protocols, control systems, and architectures used in electric generation, transmission, and distribution environments

• Windows and Linux architectures, administration, and hardening

• Thorough understanding of the TCP/IP network stack, including common protocols and network topologies

• Network traffic analysis and packet capture tools (Wireshark, Bro/Zeek, etc)

• Internal Network Security Monitoring technologies for OT (Dragos, EmberOT, Nozomi, Claroty, etc or experience using ElasticSearch)

• IDS/IPS technologies

• Enterprise antimalware/Endpoint Detection & Response (EDR) platforms

• Microsoft Azure/M365 architectures and security features

• Incident response and forensic analysis tools and procedures

• Vulnerability management and mitigation concepts

• Programming or scripting experience (PowerShell, Python, etc)

Experience

We are targeting an Associate to Journey level caniddate:

• For a Level 1 (Associate), a minimum of no previous years of experience to two years related experience is required (if no degree, four-six years of relevant experience or equivalent combination of education and related experience totaling four-six years).

• For a Level 2 (Journey), a minimum of two years of experience to four years related experience is required (if no degree, six-eight years of relevant experience or equivalent combination of education and related experience totaling six-eight years).

 

Computer Information Systems, Computer Science, Cyber Security or degree in a similar technical discipline is preferred.

 

Industry security certifications are beneficial but not required. Examples of relevant certifications include CISSP, SANS/GIAC (GSEC, GICSP, GRID, GCIP, GMON, GCIA, GCFA, etc), Security+, CCNA/CCNP Security.

Education

A bachelor’s degree related to the assignment from an accredited institution is preferred.

 

Hybrid Workplace

SRP currently offers a hybrid workplace, which allows employees whose jobs can be performed remotely, and who have sufficient technical capability, to telework up to three days per week. Although teleworking is available, all employees must live and work in Arizona.

 

Drug/Alcohol Policy Statement

To promote the safety and well-being of our employees, customers, and the communities we serve, SRP is committed to maintaining a drug/alcohol free work environment. Although marijuana may now be legal in Arizona, except as otherwise specified under Arizona law, SRP considers it to be an illegal drug for the purpose of our drug/alcohol policy because marijuana remains illegal at the federal level. Any candidate found to be impaired during the hiring process or who has the presence of an illegal drug or unauthorized substance in their system during the pre-employment drug/alcohol test may be disqualified from further consideration in the hiring process.

 

Equal Opportunity Employer Statement

Salt River Project (SRP) is committed to equal employment opportunity regardless of race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, disability, genetic information, military status, or any other protected status under applicable federal, state or local law.

 

Work Authorization

All candidates must be legally authorized to work in the United States.
Currently, SRP does not sponsor H1B visas, OPT, or other employment-related visa's.