Sr. Information Security Engineer
Direct Energy is a leading energy and energy-related services provider with nearly five million residential and commercial customers in North America. Direct Energy provides customers with choice and support in managing their energy costs through a portfolio of innovative products and services. A subsidiary of Centrica plc (LSE: CNA), one of the world’s leading integrated energy companies, Direct Energy operates in 50 U.S. states plus the District of Columbia and 10 provinces in Canada. To learn more about Direct Energy, please visit www.directenergy.com.
This is a high-performance position within Information Security, directly responsible for the delivery of DE’s (North America) IT security program, which includes security architecture and special projects, secure hardening programs, vulnerability and threat management, secure SDLC, and application security. The position requires critical thinking, adaptive learning and research, and collaboration and relationship building across IT departments.
Education required to competently achieve responsibilities:
- BS degree in Engineering or Computer Science and/or proven related work experience in IT security
- CISSP/GISP certification is required. GIAC or other security certifications are preferred in addition.
Work experience required to competently achieve responsibilities:
- Must have a minimum of 7 years of IT security experience
Knowledge required to competently achieve responsibilities:
- Breadth of IT knowledge across network, operating system, application, middleware, storage, compute, and virtualization technologies
- Familiar with Windows/Linux/UNIX internals, and TCP/IP protocols and their functions
- Familiar with multiple database types (MSSQL, Oracle, MongoDB, MySQL) and DDL vs DML statements
- Familiar with multiple web technologies, including IIS, Apache, Tomcat, Nginx and web application firewalls
- Familiar with advanced networking concepts
- Familiar with encryption technologies both at rest and in transit
- Experience with NIST, ISO 27001, COBIT, SOX and/or other information security management frameworks or regulations
- Utilizes a risk based approach in security design, and understands security vs. usability
- Expertise in Windows Active Directory, Kerberos authentication, SAML 2.0, and Group Policy
- Expertise in IEEE 802.11 security concepts
- Expertise in security architecture and systems design consulting, including producing deliverables
- Experience with interpreted (Perl/Python/Ruby) and compiled languages (C++/Java)
- Building and implementing a secure hardening program across infrastructure, network, database, and application platforms
- Experience in continuous monitoring and process improvement programs to monitor secure hardening implementation
- Experience in penetration testing, red teaming, and whitehat evaluation of IT systems and applications
- Experience in data protection programs including DLP and data classification
- Ability to think critically
- Willingness to learn outside of work and outside of comfort level
- Ability to convey technical information to a non-technical group or audience in a way that all parties understand.
- IT incident handling and management experience, including simulation and triage activities
- Ability to manage numerous threads in a hectic work environment and follow through on open items
Direct Energy and its subsidiaries are an Equal Opportunity Employer - EOE AA M/F/Vet/Disability