Position Summary:

Responsible to deliver Company-wide security services for IT/OT environments (e.g. data systems, network and/or web, cloud / SaaS / IaaS / ICS) to ensure security risks are managed across the corporation.

Primary Duties:

• Participate in development and maintenance of formal security policies, procedures, and methodologies utilized for information systems and IT/OT infrastructure technologies for the business.
• Identify and document security risks, exposures, and procedures to enhance the organization's security posture.
• Investigate and resolve security issues and recommend security architectural control design to enhance the organization's security posture.
• Conduct technical research on system upgrades to determine feasibility, cost, time required and compatibility with current systems.
• Prepare security analysis reports and findings reports.
• Collect and compile historical data on system access and generate reports and analysis.
• Coordinate the resolution of issues in a risk register.
• Architect and design user authentication, authorization, and access controls.
• Perform user provisioning and de-provisioning.
• Maintain understanding of future direction of application system technologies/products and participate in the determination of tactical and strategic upgrades necessary to meet business requirements.
• Develop security work group procedures.
• Develop capabilities to automate and orchestrate security events.
• Support multiple, complex, and/or advanced application systems and business processes.
• Participate in the development and delivery of security training and awareness.
• Coordinate internal and third-party audits.
• Perform technical support as needed for daily operations, implementation and upgrade projects, and resolution of system issues.
• Interpret internal/external business issues and recommend best practices as a member of various governance teams.
• Recommend improvements to business processes as supported by application systems.
• Perform security event coordination activities including task and resource management.

Requirements:

• Bachelor's degree required OR
• High school diploma/ GED or higher education along with six (6) years’ experience in directly related position(s).
• Two (2) years' experience in a cyber security related role.
• Valid state driver’s license.

RELOCATIONS IS NOT AUTHORIZED FOR THIS JOB

Knowledge, Skills, and Abilities:

• Working knowledge of procedures for the securing of OGE information systems and IT/OT infrastructure technologies.
• Working knowledge of OGE supported hardware, software, networks, operating systems, databases and applications.
• In depth understanding of System/Solution Delivery Lifecycle (SDLC).
• In depth understanding of SOX, NIST, NERC, COBIT, ITIL, ISO and/or similar information governance frameworks.
• Ability to develop effective briefings and materials to present to all organizational levels.
• In depth knowledge of risk assessments, application security, control design, vulnerability assessments or penetration testing.
• Strong leadership skills.
• Proven analytical and problem solving skills.
• Ability to work in a fast-paced team environment.
• Ability to investigate and analyze information and draw conclusions.
• Ability to plan, implement, test and troubleshoot system software.
• Ability to communicate technical guidance and instruction to users on the use of systems and/or applications.

Non-Technical Skills:

• Candidate must be able to demonstrate their ability to be action oriented.
• Candidate must have the ability to deal with ambiguity as it relates to reviewing and taking action related to discovered threats and vulnerabilities.
• The candidate must demonstrate creativity in determining solutions to unique and complex issues impacting OGE.
• Candidate must demonstrate customer focus through the ability to establish and maintain effective relationships by gaining trust and respect.
• Candidate must demonstrate superior ability to make decisions using a mixture of analysis, wisdom, experience and judgment.
• Candidate must demonstrate their ability to get things done both through formal channels and the informal network.
• Candidate must demonstrate superior ability to form peer relationships with other members of a team in order to find common ground and solve problems for the good of the organization.
• Candidate must demonstrate their ability to prioritize activities in order to ensure that critical tasks are completed within required timelines.
• Candidate must possess superior problem-solving capabilities to understand the impact of threats and vulnerabilities to the organizations.
• Candidate must demonstrate their abilities related to personal development recognizing the need for constant improvement and learning within the face paced and varied security industry.
• Candidate must demonstrate superior verbal and written communications skills utilizing a variety of styles to convey messages across the organization.
• Candidate must demonstrate an ability to be a self-starter and produce high quality work with minimal supervision.

Technical Skills:

• Candidate must demonstrate understanding and use of Automated Vulnerability Scanning tools
• Candidate must demonstrate understanding of Security Information and Event Management (SIEM) tools
• Candidate must demonstrate understanding of Microsoft Windows operating systems
• Candidate must demonstrate understanding of Unix based operating systems
• Candidate must demonstrate understanding of Microsoft Active Directory
• Candidate must demonstrate understanding of Microsoft System Center Configuration Management
• Candidate must demonstrate ability to perform batch and shell scripting
• Candidate must demonstrate proficiency with HTML, SQL, JSON, and XML
• Candidate must demonstrate ability to review information systems for indicators of compromise
• Candidate must demonstrate understanding of TCP/IP based networks
• Candidate must demonstrate familiarity with NIST Special Publication 800-53
• Candidate must demonstrate familiarity with the OWASP Top 10
• Candidate must demonstrate familiarity with the OWASP ASVS

Working Conditions:

• Office environment with extensive use of a computer.
• May require travel.
• May work outside of normal workday/workweek to meet deadlines and maintain support levels.

Safety Sensitive:

• All positions in which driving is an essential function of the job, regardless if the job code is marked safety sensitive or not, will also be included as safety sensitive. Individuals in positions in which driving is an essential function are subject to the terms and conditions set forth in OGE Energy Corp.’s Drug Testing Plan.

Required Skills Required Experience

REQUIRED SKILLS: 

Experience in securing systems and network platforms, such as Active Directory or Cisco technologies

Knowledge of various aspects and components of information security such as encryption methods/standards, real-time intruder detection, perimeter security, event correlation, authentication services, vulnerability analysis, and incident handling and forensics

 EXPERIENCE IN A MAJORITY OF THE FOLLOWING SKILLS:

     Threat identification and isolation

     Network Access Control

      IPS / IDS Technologies • Next Generation Firewalls

      Web Application Firewalls

     Cryptography

      Virtual Private Networks – Site-to-Site and Client

      Anti-Malware tools

      Anti-Spam tools

      Identity and Access Management.

      Content Filtering

      Data Classification

      Network and Architecture

      System administration

      Multi-factor authentication

      Patch and configuration management