Status: Actively Recruiting
Interested candidates can post their updated resume to firstname.lastname@example.org
Available Opening: 1
Duration: 6 Months
Description: During the interviewing process we are looking for 'demonstrated' skills and ability to perform the functions listed below (along with other items on our job posting). We are looking for a very strong, professional candidate that will represent AEP and the Security Engineering team as they are working with BU & IT partners and customers, as well as external vendors. We want to know that they can perform risk assessments and explain to the project team, customers, or vendors the security recommendation based on the risk, as well as AEP's Security Policies & Standards.
The successful candidate will be part of AEP’s Cyber Security Engineering team supporting gridSMART and other projects as assigned. The position involves applying the candidate’s security engineering and problem solving skills to develop solutions to complex problems in the electric power delivery infrastructure related to grid modernization. The Security Architect’s role is to provide end-to-end security architecture (holistic, enterprise-wide view) for the assigned projects.
Typical responsibilities will include:
· Designing and/or architecting end-to-end secure solutions for one or more of the following: network-centric systems, secure wireless mesh networking and embedded systems, large IT systems and internet security.
· Security Policy/Standards - provide consultation and Enterprise Security Policy/Standard interpretation
· Process - analyze the business processes to identify issues with service or product delivery caused by failure of internal controls, information systems or through weaknesses in operating procedures
· Reviewing requirements and approving implementation plans - The requirements must consider a holistic approach to security, all layers: network; host; application (presentation logic, business logic and data access logic); runtime services and components; platform services and components and operating system
· Architecture design - The security architect must have a thorough understanding of the technical architecture to recommend and implement security controls
· Implementation guidance - hands-on project consulting on security issues and design
· Regulatory and legislative compliance (NERC CIP, SOX, PII) – consult and provide guidance on complying with appropriate policy/standards/measures
· Assists testing lead to ensure that security related test cases are written and executed
· Participate in all stages of the SDLC process; includes business process analysis, requirements documentation & reviews, system and architecture designs, testing, deployment & implementation, etc. (meeting deadlines and providing documentation/deliverables are critical)
· Attending meetings, participating in activities and developing relationships with other managers and project team members; and
· Performing other duties and responsibilities as requested.
CISSP or other security certification preferred. Bachelor's Degree in Computer Science, Security/Systems Engineering or a related field; or an equivalent combination of education, training, and work experience.
Typically possesses five or more years of experience in Information Technology security with a focus on:
· Process: SDLC; communications and network security, Vulnerability Management; Threat Management
· Deployment & Infrastructure: data, applications, host, network
· Architecture & Design: Authentication; authorization; configuration management; sensitive data, session management; cryptography; parameter manipulation; exception management; auditing & logging
· Component Analysis: Web Services; Enterprise Services; Remote Services; Data Access
· Interest or participation in regulatory or national organizations such as NIST, NERC, DOE, ISO, etc., as collaboration with these agencies is needed for policies & standards, data security, and privacy.
· Demonstrated experience performing analysis, developing specifications, designing, constructing, testing and implementing secure solutions designs (i.e. red team analysis, penetration testing).
· Demonstrated ability to abstract the solution architecture into different views and domains, apply critical thinking skills, technical ingenuity, creativity, and resourcefulness to ensure the security will continue to be viable.
· Demonstrated knowledge of security standards and testing tools and methods (i.e. NIST 800-53, PKI).
· Demonstrated strong oral and written communication skills, and be customer focused to understand and appropriately respond to business requirements.
· Demonstrated experience interfacing and collaborating with clients, peers, and management to develop solutions.
· Must demonstrate the ability to integrate work across relevant areas, develop the business and services to enhance customer satisfaction and productivity, manage risks and safety appropriately, develop and execute business plans, manage information, and provide exceptional service to internal and external customers.
· Must demonstrate effective resource and project planning, decision making, results delivery, team building, and staying current with relevant technology and innovation.
· Must demonstrate strong ethics, influence and negotiation, leadership, interpersonal skills, communication, the ability to effectively manage stress and engage in continuous learning.