Sr. Systems Analyst 2L/Systems Specialist 2H - IT Information Security - Threat Management

Job Info

Dec 13, 2019

102797

Posting Expiration Date: Mar 31, 2020

Schedule Type: Full-Time

Organization: Information Technology

Department: Information Security

Section: IT IS Threat Management

Location: NY-New York-4 Irving Pl Headquarters

Job Description

Mission Statement

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company’s mission by excelling at our three corporate priorities – safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.

Core Responsibilities

  • Sr. Systems Analyst/Systems Specialist under the general guidance of the IT Architect or Systems Manager will be responsible for evaluating and implementing new technologies, analyzing infrastructure and software designs and implementations, and identify and resolve potential issues to help enhance and secure a large enterprise network. The position requires a broad foundation of IT architectural experience with an understanding of current PaaS and SaaS technologies. Familiarity with Internet facing technologies, server/storage technologies, cloud services and hybrid cloud integration is a must. The Senior Systems Analyst/Systems Specialist will be responsible for designing complex and innovative solutions addressing vulnerability detection, threat and risk analysis, network intrusion, securing technology assets across the application, infrastructure, cloud and data tiers and development/implementation of vulnerability mitigation strategies. This is a hands-on team member who actively works with various teams including security, infrastructure and development teams to improve our overall security standards. This position is expected to be the last level of technical escalation within the company for the assigned responsibilities
  • Guides engineering teams and makes informed security decisions on the design of infrastructure, systems and applications
  • Works with tech leads and teams to ensure security is built into app development, network infrastructure and cloud systems. Work with necessary Information Technology groups to satisfy specific technology related issues. Act as an Information Security liaison between the customers and all groups in Information Technology
  • Implements industry leading practices around cyber risks and Cloud security and perform security assessments of cloud platforms/environments using industry standard frameworks such as ISO, CSA-CSM and NIST
  • Designs and develops security policies, standards and procedures e.g. firewall management, SSL/IPSec, security incident and event management (SIEM), data protection (DLP, encryption), user account management (SSO, SAML), and password/key management.
  • Identifies software weaknesses that could lead to exploitable vulnerabilities such as SQL injection, cross-site scripting, cross-site request forgery, buffer overflows, use of hard-coded passwords, weak encryption, sensitive data.
  • Seasoned professional with detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation. Can advise on architecture decisions at technical and product level.
  • Adequate knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols.
  • Experience designing the secure deployment and monitoring of applications and infrastructure into public cloud services (e.g., AWS or Microsoft Azure).
  • Constantly looking for better ways of solving security problems and designing the solution, not afraid of challenging the status quo.
  • Support various systems and become SME for them
  • Respond swiftly to all alerts; performing initial risk/impact assessments or escalating issues as appropriate
  • Follow change management controls and guidelines
  • Support operating organizations during corporate emergencies. Participate in the Company's emergency management processes, cyber security and storm plans
  • Perform other related tasks and assignments as required.

Required Education/Experience

  • Associate's Degree And Sr. System Analyst 2L: Four (4) years work experience in IT.
  • System Specialist 2H: 5 years of relevant work experience in IT. Or
  • Bachelor's Degree And Sr. System Analyst 2L: Three (3) years work experience in IT.
  • System Specialist 2H: Four (4) years of relevant work experience in IT.

Preferred Education/Experience

  • Bachelor's Degree Information Technology, Computer Science, Math, Engineering or business related disciplines. And Sr. System Analyst 2L: Information Security experience preferred. Technical certifications (e.g. AWS Certified Solutions Architect, Cloud Certified Professional, Microsoft Cloud Certifications, CISSP, CISM, CIPP, etc.). are preferred but not mandatory. Experience in Agile Development, with specific Security Architect (or similar) experience preferred. Knowledge of security tools, python, scripting is preferred
  • System Specialist 2H: Information Security experience preferred. Technical certifications (e.g. AWS Certified Solutions Architect, Cloud Certified Professional, Microsoft Cloud Certifications, CISSP, CISM, CIPP, etc.). are preferred but not mandatory. Experience in Agile Development, with specific Security Architect (or similar) experience preferred. Knowledge of security tools, python, scripting is preferred
  • Master's Degree Information Technology, Computer Science, Math, Engineering or business related disciplines. Sr. System Analyst 2L: Two (2) years work experience in IT. Information Security experience preferred. Technical certifications (e.g. AWS Certified Solutions Architect, Cloud Certified Professional, Microsoft Cloud Certifications, CISSP, CISM, CIPP, etc.). are preferred but not mandatory. Experience in Agile Development, with specific Security Architect (or similar) experience preferred. Knowledge of security tools, python, scripting is preferred
  • System Specialist 2H: Three (3) years of relevant work experience in IT. Information Security experience preferred. Technical certifications (e.g. AWS Certified Solutions Architect, Cloud Certified Professional, Microsoft Cloud Certifications, CISSP, CISM, CIPP, etc.). are preferred but not mandatory. Experience in Agile Development, with specific Security Architect (or similar) experience preferred. Knowledge of security tools, python, scripting is preferred

Required Work Experience

  • 3-5 years Thorough understanding of communication protocols and security standards. Req And
  • Must be comfortable and skilled at driving information security processes and techniques. Must be able to communicate designs and give persuasive presentations. Must be able to interact with all levels of management and communicate technical concepts to a non-technical audience. Req And
  • Ability to handle multiple assignments with changing priorities while meeting deadlines. Req And
  • Must be flexible and able to work off-hours as required to support deployments, resolve production problems or respond to corporate emergencies. Req And
  • Ability to establish medium and long-term plans and priorities and estimate investment requirements. Req And
  • 3-5 years Strong understanding of cyber security principles. Pref And
  • 3-5 years Experience designing, developing, implementing secure architectures and/or processes. Pref And
  • 2 years Threat management, Risk management and/or, Compliance experience Pref Or
  • Experience with implementing or integrating commercially available infrastructure components. Pref Or
  • Experience in evaluating technology and establishing standard designs. Pref And
  • Must be conversant in emerging technologies and practices, e.g. Next Generation Firewalls, security devices, and cloud computing components. Pref Or

Skills & Ability

  • Ability to lead/manage others
  • Builds and manages effective teams
  • Effectively coaches and delivers constructive feedback
  • Ability to inspire and develop staff
  • Strong written and verbal communication skills
  • Develops and delivers effective presentations

Licenses & Certifications

  • Driver's License Required

Physical Demands

  • Must push, pull, lift up to 25 pounds

Other Physical Demands

  • Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.

Technical Difficulty Statement

Equal Opportunity Employer

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual’s actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.

SHARE: