Title: Security Engineer
Location: Los Angeles or Rosemead, CA
1. Security is the key requirement, and the expectation is for the candidate to understand the NIST framework and their controls, few listed below
a. Access Management
b. Configuration Management
c. Patch management
d. Vulnerability scanning
e. Logging and Monitoring - Splunk and log monitoring tool
2. For those controls
a. What the nature of work they have done ?
b. What tool was used for each of them?
c. In case of Vulnerabilities, how do they
i. categorize the findings
ii. how to they prioritize them
iii. how do they come up plan for remediation?
iv. how they implement the remediation plan (or coordinate with the concerned team for remediation)
a. Can they talk about any memorable experience while doing any of the above?
2. If they mention that they have NERC CIP experience or any experience, they should be able to take about the same (to the level of drilling down that can happen during the interview)
3. They should be able to communicate well
4. Possess good soft skills such as
a. Ability to listen (before responding)
b. Be transparent when they don’t know an answer rather than beating around the bush
c. Show willingness to learn
if they have compliance experience other that NERC like SOX and HIPA also good but they should have experience in security controls listed above. As mentioned earlier, candidates with 5 years of experience should suffice.
Description:
Provide subject matter expertise for Security and Compliance requirements of SCADA systems during Project Design and Implementation phase and evaluation of POC results.
Technical feasibility exception (TFE) preparation and submittal; compliance evidence gathering, quality verification, packaging, and storage. Cyber assets classification and validation.
Assess risk of security vulnerabilities, patches for servers and workstations, and assess the applicability and risk of newly discovered vulnerabilities. Liaise with System Administrators to remediate risk. Ensure Electronic/physical security controls adherence, and system security administration.
Perform in depth analysis of technical solutions and implement to resolve technical issues and ensure security and compliance requirements are met.
Perform periodic (annual, quarterly, monthly, weekly, daily) compliance activities as required.
Experience in asset configuration management and familiar with basic change management process.
Experience in system security event monitoring and ability to review and identify abnormal events.
Ability to work independently and in a team environment, including identifying project needs, prioritizing multiple projects, and following through all assignments.
Provide timely updates on tasks and meet internal and client deadlines with high quality deliverable
Excellent communication and interpersonal skills
Skills:
Bachelor’s Degree in Computer Science, Information Systems, Engineering, or related technical major.
Five (5) years of experience in Cyber Security field performing complex analysis, consulting, and providing recommendations.
Three (3) years of combined hands-on experience in one or more of the following areas:
o Experience with NERC Critical Infrastructure Protection standards V6.
o Experience with UNIX scripting/LINUX and Windows Operating Systems.
o Experience with PowerShell, Python Scripting, and understanding of the OSI/TCP IP Model.
Three (3) years of experience with Process design (Workflow, Visio, documentation, templates).
Three (3) years of experience with Office Suite - (Microsoft Word, Excel, PowerPoint, and Project).
Experience working within a SCADA/ Industrial Control System environment.
Experience or working knowledge of Splunk or Tenable
,
Lalitha Bommasani
Email:
Web Site :
Direct No