Cyber Security Vulnerability Specialist

Job Summary

This position is an experienced, senior level, hands-on technical lead, performing IT security functions and maintaining systems, while providing technical guidance to the team. Ensures the implementation of robust security measures to protect organization communications and control networks, reducing the risk of unauthorized access and cyber threats. Implements and maintain effective measures to prevent data leaks, safeguarding sensitive information and ensuring compliance with data protection policies and regulations.

Job Responsibilities

Include but are not limited to:

•Performing vulnerability and compliance management activities, while providing technical guidance to the team.

•Operates vulnerability, compliance, and pen testing tools, and complies with security policies and procedures (T0028)

•Support incident response activities as needed. (T0041)

•Provides technical expertise and support to IT management and staff in cybersecurity threat risk assessments, development, testing and the implementation and operation of appropriate information security plans, procedures, and control techniques designed to prevent, minimize or quickly recover from cyber-attacks or other serious events.

•Evaluate the severity and potential impact of identified vulnerabilities aligned to PSEG’s risk tolerance and business priorities.

•Coordinate and oversee the patching process to ensure timelines align to the defined cadences.

•Develop and present key security reports on the status of vulnerabilities, risk assessments, and mitigation efforts to various security stakeholders and PSEG leadership.

Job Specific Qualifications

Required

• Bachelor's degree in Computer Science, Information Systems, Cyber Security, or Engineering
• In lieu of a degree, 10 years of cyber experience
• 6 or more years of experience in Information Security Proficient with vulnerability management solutions such as Qualys, Nexpose, Nessus, Kenna Security, Tanium and open source
• Experience leading and managing organization-wide vulnerability scanning and remediation processes.
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle.
• Experience with key information security technologies such as SIEM, firewalls, intrusion detection/prevention systems, vulnerability assessment, encryption, identity and access control systems, anti-malware, and security event analysis.
• Travel approximate 5%

This role that can be performed remotely but require some level of onsite work/in-person interactions on a regular basis, require employees to live within a commutable distance and, since business needs vary by position and may change over time, managers will set expectations and flexibility regarding where and when work is performed.