Job Description

The Security Analyst plays a key role in securing industrial control systems for the electric grid and is GSOC's first line of defense against security threats. To perform this essential function, the Security Analyst must demonstrate a high degree of technical and analytical capability, as well as an ability to learn and adapt to quickly changing technologies, procedures, and compliance requirements.

The Security Analyst supports the GSOC compliance program by maintaining knowledge of NERC Critical Infrastructure Protection (CIP) standards and related policies in the areas of security event monitoring, access management, change management, and vulnerability assessments. Creates and maintains evidence of compliance with these standards and related policies. The Security Analyst contributes to efforts to update and improve related policies.

Responsible for compliance with all applicable laws, regulations, industry standards, corporate policies, guidelines and procedures, including but not limited to, RUS, OSHA, NERC, FERC and ITS requirements.

Job Duties:

• Analyst I:
  • Manages support requests from end-users. Resolves tier 1 requests, such as user password resets and application access problems. Facilitates routing of user access requests for authorization. Escalates and routes other requests to facilitate rapid resolution. Investigates optimal solutions to commonly encountered issues and drafts processes and related knowledge articles to address them.
  • Actively monitors the environment for detected configuration changes. Attempts to reconcile detected changes to approved change requests. Escalates unreconciled changes for remediation.
  • Reviews and responds to security alerts. Determines which alerts are false-positive or associated with non-malicious activity to mark for resolution. Escalates other alerts for remediation.
  • Follows provided procedures to maintain asset inventory within the Change Management Database (CMDB). Facilitates assessment of new assets for NERC CIP classification. Ensures asset statuses are maintained in the CMDB through the implementation of provided asset management, change management and sanitization procedures.
  • Actively monitors the environment for the creation and modification of user accounts and changes to permissions and roles associated with user accounts. Attempts to reconcile these account events to approved access authorizations. Escalates unreconciled account events for remediation.
  • Maintains knowledge of NERC CIP standards and related policies in the areas of security event monitoring, access management, change management, and vulnerability assessments. Creates and maintains evidence of compliance with these standards and related policies.
  • Participates in periodic reviews and activities associated with access management and vulnerability assessments.
• Analyst II:
  • Coordinates the GSOC asset management program. Works with various GSOC stakeholders to ensure the process is followed and identify opportunities for process improvement. Ensures the Change Management Database (CMDB) is maintained in a complete, accurate, and timely manner.
  • Provides Tier 2 support for escalated security alerts, configuration changes, and user account activities. Maintains knowledge of the environment and technologies necessary to diagnose and resolve escalated events.
  • Performs post implementation review of approved change requests to ensure scope of the approved change was implemented correctly and identified security controls were not adversely affected.
  • Manages key metrics to identify common problems and alerts. Develops knowledge and documentation to resolve these common events.
  • Coordinates with Security Engineering team to configure various security monitoring tools. Suggests additional sources for security-related events and alert configuration.
  • Maintains knowledge of NERC CIP standards and related policies in the areas of security event monitoring, access management, change management, and vulnerability assessments. Creates and maintains evidence of compliance with these standards and related policies. Contributes to efforts to update and improve related policies.
  • Identifies security alerts and events that should be tuned to reduce noise.
  • Assists in the development and maintenance of desk procedures for the Security Analyst team.

Required Qualifications:

Education : Bachelor's Degree in Computer Science or related field.

Experience :

• Analyst I: Requires 0-2 years of experience in an industrial control systems environment, information technology, or information security role.
• Analyst II: Requires 2 or more years of experience in an industrial control systems environment, information technology, or information security role.

Equivalent Experience :

• Analyst I:
  • Associates degree in Information Systems, Computer Science, Engineering, or related field with 2 or more years of experience in an industrial control systems environment, information technology, or information security role, OR
  • High school diploma with 4 or more years of experience in an industrial control systems environment, information technology, or information security role.
• Analyst II:
  • Associates degree in Information Systems, Computer Science, Engineering, or related field with 4 or more years of experience in an industrial control systems environment, information technology, or information security role, OR
  • High school diploma with 6 or more years of experience in an industrial control systems environment, information technology, or information security role.

Specialized Skills : Requires strong technical skills and understanding of various security events across multiple operating system and appliance platforms. Ability to learn and adapt quickly to changes in technologies, processes, and compliance standards. Strong customer service attitude. Strong analytical skills. Ability to document resolutions to customer issues and security alerts. Capability to provide leadership over implementation of processes. Resolve issues amongst a diverse group of stakeholders. Must be able to pass a NERC CIP personnel risk assessment screening.

Unusual Hours : Occasional overtime may be required. Supports customers, incident response processes, and systems after hours, as needed.

Georgia System Operations Corporation is an Equal Employment Opportunity Employer, including veterans and disabled. We are a drug-free workplace. All applicants are subject to substance abuse testing.

Job Tags

Similar Jobs