Operations Tech Security Engineer 2-3 (Portland, OR or Salt Lake City, UT) - 113254
Date: Feb 15, 2025
Location: SALT LAKE CITY, UT, US, 84116
Company: PacifiCorp
PacifiCorp is seeking customer-centric candidates to grow and sustain our commitment to a culture of customer service excellence, environmental sustainability, inclusion & belonging.
General Purpose
This position will be the primary security role for patching, configuration, and other security-related activities in an Operational Technology environment.
Manage and maintain security systems (logging, anti-malware, user management, vulnerability scanning, backup, etc.) and security technology in corporate and industrial control systems environments. Conduct analysis, create system specifications, develop, test and implement new monitoring and control systems. Parse, archive, and analyze incoming data from across the enterprise for the creation of alarms and digests to the security analyst team. Support Supervisory Control And Data Acquisition systems (SCADA) and Distributed Control Systems (DCS) at electrical generation facilities. With minimal guidance and oversight, research and deploy new commercial/OSS tools and projects to meet security requirements, and develop in-house solutions using OSS and custom code. Provide technical assistance/consulting to enable the company to meet security goals and requirements.
Responsibilities
- Perform hardware installations, upgrades, operating systems and application software installations and upgrades, backup and recovery administration, maintaining users and peripheral equipment, troubleshooting system and application issues. (20-40%)
- Ensure operational adherence to the Center for Information Security Critical Security Controls, Information Security Management Systems and ISO 27001 certification programs for the enterprise. (15-30%)
- Maintain the Security Information Event Management (SIEM), Intrusion Detection Systems (IDS), Vulnerability Scanner, ELK research stack, syslog collectors, and other Information Security assets as needed. (10-40%)
- As needed, perform SCADA communication configuration and data preparation prior to placing an electrical facility under SCADA service. Work closely with field technicians, business system analysts, and engineering staff in this process. (10-30%)
- Perform vulnerability scans against internal and external targets, both scheduled and ad-hoc in response to internal or external concerns. Use additional data (system logs, network context, etc.) to analyze and prioritize identified risks in concert with asset owners. (10-20%)
- Perform log management for the enterprise, maintaining evidence where required to support compliance obligations. Includes working with various system owners across the enterprise to assist in bringing logs into the system and developing parsers for new log streams. (10-15%)
- Ensure adherence to various regulatory and policy requirements, including the Critical Infrastructure Protection Standards (CIPS). (5-15%)
- Create and tune automated log analysis and alerting to meet internal system/network changes and ongoing developments in the overall security landscape. (5-15%)
- Stay abreast of current security trends, and identify new technology that could provide value to the organization. Research/evaluate, acquire/develop, and deploy new Information Security systems, either as standalone systems or as part of larger corporate projects. (5-15%)
- Provide timely and accurate cross-platform support in response to security threats that may arise and pose a risk to systems across the company’s computing enterprise, including forensic investigations. (5%)
- May act as a lead within a work group; train and mentor level 1&2 security engineers. (0-5%)
- Perform additional responsibilities as requested or assigned. (0-5%)
In addition to the above, level 3 will include the following responsibilities:
- May act as a lead within a work group; train and mentor level 1&2 security engineers. (0-5%)
Requirements
- Bachelor’s degree in Computer Science, Information Technology, or related field; or equivalent work experience. (Typically four years of additional related, progressive work experience would be needed for candidates applying for this position who do not possess a Bachelor’s degree. A minimum of two years additional directly related technical experience is required.)
- A minimum of three or more years of experience in Security Information Management and Intrusion Detection systems with associated incident response experience.
- A minimum of one to three years of experience working with Industrial Control Systems (ICS) or a manufacturing environment.
- Demonstrated knowledge of security principles through achievement and/or active pursuit of advanced security certification including CISM or CISSP.
- System administration skills on Windows and Linux systems.
- Exposure to programming languages such as PERL as well as open source security tools such as SNARE, SNORT, etc.
- Ability to construct and execute complex database queries using SQL.
- Advanced technical knowledge of complex database, network software, and disaster recovery practices.
- Demonstrated knowledge of information technology terms, equipment, systems, functions, and major vendors.
- Excellent oral and written communication skills, including presentation skills.
- Effective interpersonal skills and customer relationship skills.
- Effective analytical, problem-solving and decision-making skills.
- Project management skills; ability to prioritize and handle multiple tasks and projects concurrently.
- Availability as a resource for problem resolution on a rotating 24-hour basis.
Requirements for Level 3 position include the following:
- A minimum of five or more years of experience in Security Information Management and Intrusion Detection systems with associated incident response experience.
- A minimum of three years of experience working with Industrial Control Systems (ICS) or a manufacturing environment.
Preferences
- Knowledge of Energy Management Systems.
- Experience with integration and administration of physical security technology.
- Experience with GE iFix, GE Mark VIe, Schneider Modicon, Siemens DCS, Emerson Ovation.
Additional Information
Req Id: 113254
Company Code: PacifiCorp
Primary Location: Portland, Salt Lake City, Des Moines, Las Vegas or Omaha
Department: PacifiCorp Corporate
Schedule: FT
Personnel Subarea: Exempt
Hiring Range: $90,200 - $122,000
This position is eligible for an annual discretionary performance incentive bonus of up to 12-15% of salary.
Benefits: Health care, retirement, paid time off, tuition assistance, paid short-term and long-term disability, paid bereavement leave. For more information, please visit:
Employees must be able to perform the essential functions of the position with or without an accommodation.
PacifiCorp is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or religious creed, age, national origin, ancestry, citizenship status (except as required by law), gender (including gender identity and expression), sex (including pregnancy), sexual orientation, genetic information, physical or mental disability, medical condition, veteran or military status, familial or parental status, marital status or any other category protected by applicable local, state or U.S. federal law.
Unless otherwise required by law, all offers of employment are contingent upon the successful completion of a background check and drug screening including for marijuana. While marijuana is legal in several states, including Oregon, a positive test for positions in Oregon may disqualify a candidate. The company complies with the laws of Washington and California and only obtains and considers positive tests for marijuana in safety-sensitive positions or those covered by U.S. Department of Transportation regulations.
Career Segment: Facilities, Compliance, Testing, Information Security, Open Source, Operations, Legal, Technology