6977- -Senior Information Security Engineer � Industrial Control Systems (Only candidates who currently reside in the Sacramento)

6977- -Senior Information Security Engineer Industrial Control Systems (Only candidates who currently reside in the Sacramento)

Location : Sacramento, Ca

Job Type : Temp/Contract

Reference Code : 6977

Hours : Full Time

Travel : No

Relocation : No

Job Description :

The ideal candidate possesses a combination of technical knowledge, strong analytical skills, and excellent interpersonal skills with a Bachelor's degree in computer science related. The candidate should have at least 8 years experience in the multiple roles in information security field (e.g., network security, SOC analyst, endpoint management, vulnerability management, cloud security, incident response, programming/scripting). Knowledge of control systems, security best practices, security frameworks.

• Excel Expertise: Proficient in using Excel for data analysis and reporting. Advanced skills in pivot tables, graphing, and data analysis.
• SharePoint: Intranet information sharing.
• Power BI: Developing and maintaining reports and dashboards.
• Project Management & Coordination: Utilizing Teams for project management, coordination, and communication.
• Data Visualization: Presenting data insights in a clear and actionable manner.
• Reporting: Generating reports across multiple projects and providing insights.
• Information Security: Knowledge of security controls, policies, and standards.

Required Qualifications :

• Any industrial control system experience
• Any wastewater or water systems experience or electrical background
• EPA regulation experience for water waste water
• Evaluating and reviewing new and upgrade technologies for security risks
• Performing risk and security assessments for new proposed applications
• Assist in risk and vulnerability mitigations
• Developing, updating and reviewing System Security Plans
• Developing and updating IRPs (business and control systems), playbooks, tabletop exercises and simulation
• Incident response and coordination following Incident Command Structure when appropriate
• Monitoring district assets (e.g., servers, computers, devices, networks, applications) for potential security threats and vulnerabilities
• Working with technical security systems such as SIEM, firewalls, endpoint security, vulnerability management, patch management, PKI, and cloud security management
• Working with security awareness and training platforms to deploy training and phishing simulations. Ensuring timely completion of training and addressing those who are repeat offenders
• Presenting at security workshops (technical and nontechnical) utilizing demos, & videos when appropriate
• Performing security audits, testing, and assessments with tracking identified vulnerabilities to mitigation or risk acceptance in line with the criticality.
• Evaluating risk acceptance requests and providing options for mitigating controls if needed.
• Using administrative tools to configure policies for enterprise security platforms.
• Working with CIS Benchmarks/CIS-CAT to identify standards and those assets that are not meeting standards
• Developing and testing scripts to automate security operations tasks.
• Developing, deploying, and supporting security policies, standards, guidelines, and procedures to ensure ongoing security compliance.
• Experienced in Cloud Security with the major cloud platform providers
• Experienced and proficient in networking, Windows domain administration, PAM, DLP, MFA, SOC applications, SIEM applications
• Proficient in Python, and Power Shell.
• Supporting change management processes.