The Cybersecurity Incident Response Team (CIRT) is responsible for ensuring effective detection and response to all security incidents at Duquesne Light. CIRT operates as part of the Office of the CISO under the Cyber Security Operations and Engineering (“SecOps”) team. The SecOps team is responsible for ensuring that Duquesne Light corporate systems and networks are designed and operated in a secure manner that minimizes the risk to a level acceptable to management.
· Lead and serve as a mentor for internal Threat Hunting, Incident Response, and Forensics, actively improving our capabilities
· Partner with Cyber Security Operations and Engineering groups to improve operations, detection, response, and recovery
· Drive end-to-end Cyber security incident response activities, serve as an escalation point for high priority or complex incidents
· Drive continuous refinement and improvement of incident response processes, playbooks, and Standard Operating Processes (SOPs)
· Grow and mature Threat Intelligence Program and applicability of detected threats to drive actionable intelligence
· Identify gaps in visibility and detection methodologies. Regularly evaluate current log quality and content development strategies, identify new data sources to enrich logs and new threat detection logic
· Provide incident metrics to other Cybersecurity and business leadership
· Build and maintain relationships with IT and business stakeholders
· Build and maintain relationships with local law enforcement and cyber defense authorities
· Build and maintain relationships with key vendors
· Participate in internal and/or external audits as required
· Assist in developing and enhancing Cybersecurity strategy and roadmap
· Collaborate with Cybersecurity and IT Risk Management peers to improve automated correlation, vulnerability scanning, code review/applications testing, and other detection security tools
· Manage security tools and associated professional service contracts and deliver capabilities
· Partner with Infrastructure and Security leadership teams to develop use cases for security automation and response, logging, monitoring and threat defense
· Contribute to the execution of Cyber Security operations, incident response, and investigations spanning across all functions of the Cybersecurity organization
· Experience in IT in the Information Security area
· Demonstrated ability to lead technical teams and strategic projects
· Strong communication and problem-solving skills
· Development of incident response, operations processes, and playbooks
· Understanding of common security tools, instrumentation, and detection methodologies – EDR, SIEM, IDS/IPS, proxies, etc.
· Understanding of core networking concepts (TCP/IP, etc.) and common protocols (HTTP, SMB, etc.)
· Understanding of tools and techniques used by hackers to breach networks, server systems, cloud workloads, or applications
· Demonstrated understanding of security-related technologies and practices including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, network and host incident detection and prevention, Data Loss Prevention, data security, risk-based and strong authentication, cloud access security, secure remote access, firewalls, application security, etc.
· Diverse technical background and exposure to enterprise networking, firewalls, storage options, server infrastructure, operating systems, application development, database technologies, desktop operating systems and Cybersecurity
· Deliver on SLA/OLA commitments under tight deadlines and/or budgetary and other resource constraints
· Experience working in transmission and distribution operations services industry or other highly regulated and/or compliance-oriented environments
· Exposure to security standards such as the NIST Cybersecurity Framework, NIST SP 800-61 Rev. 2 and ISO/IEC 27035