Cyber Threat Specialist - Threat Intelligence Analyst

Requisition ID # 167047 

Job Category: Information Technology 

Job Level: Individual Contributor

Business Unit: Information Technology

Work Type: Hybrid

Job Location: Concord

Department Overview

The Cybersecurity function is led by PG&E’s Senior VP and Chief Information Security Officer and is responsible for cybersecurity and risk management across the organization.

The Security Intelligence and Operations Center (SIOC) is responsible for ensuring that PG&E proactively identifies and assesses threats to its user and operational network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.

Position Summary

Delivers information security services in support of PG&E's enterprise security goals and objectives. Utilizes a variety of commercial and custom tools and processes to provide the information security services. Designs improvised solutions on the fly when dealing with active threats. Produces metrics and statistics that feed complimentary processes in PG&E such as risk assessment, patching, anti-virus, firewall management, etc.

This position is for Day-Shift, and the Threat Intelligence Analyst will be responsible for working towards continuous improvement through new processes, mastering and being a subject matter expert of current processes, waste elimination efforts, and collaboration with teams both within and outside of Cybersecurity. 

This position is hybrid, working from our Concord location Tuesday, Wednesday, and Thursday.  The remaining days will be from your remote office. 

PG&E is providing the hourly range that can reasonably be expected for this position at the time of the job posting. This hourly range is specific to the locality of the job. The actual hourly rate paid to an individual will be based on multiple factors, including, but not limited to, internal equity, specific skills, education, licenses or certifications, experience, market value, and geographic location. The decision will be made on a case-by-case basis related to these factors. This job is also eligible to participate in PG&E’s discretionary incentive compensation programs.  

Pay range is: $49.04/hr - $69.81/hr

Job Responsibilities

• Identifies, tracks, and monitors emerging security threats, vulnerabilities and trends
• Keeps current with changing technologies, threat actors and geopolitical events which could impact stability and operations
• Maintain knowledge of adversary activities, including intrusion tactics, attack techniques and operational procedures.
• Use intelligence feeds and OSINT to maintain situational awareness to identify, track, and monitor emerging security threats and trends regarding threats to PG&E, the utility industry and US critical infrastructure
• Provide orated threat briefs to internal Cybersecurity teams, various teams across the organization, and sometimes executives
• Ability to fulfill all job responsibilities of an Associate level Cyber Threat Specialist with limited oversight and guidance by senior team members and management
• Ability to perform basic coding and use these skills to automate simple repetitive tasks to perform job more efficiently and effectively
• Demonstrated deeper expertise in security tools by using advanced functionalities of tools and/or producing new reports
• Document procedures/process for security tools/services
• Have knowledge of current vulnerability exploits and malware as well as a familiarity with underground sources
• Identify opportunities to improve current security services, tools, processes, and procedures and work with management to implement these changes as appropriate.
• Perform basic forensic analysis using security tools and monitoring systems to discover the source of anomalous security events
• Perform moderately complex system administration tasks (e.g. hardware maintenance, network configuration) for security tools
• Perform vulnerability analysis, security research, suggest countermeasures and issue alerts/advisories to asset owners per defined processes and procedures
• Provide direction and oversight to junior team members performing security analysis functions
• Work with other PG&E operations teams to remediate immediate threats (e.g. Anti- virus, blocking at mail gateway or firewall, etc.)Collaborate with teams within the SIOC, cybersecurity as a whole, IT as a whole, and the multiple lines of business we interact with
• Work cross-functionally to recommend, facilitate, and test security control improvements
• Share on-call responsibility outside of business hours, onsite and remote

Qualifications

Minimum:

• High School or GED-General Educational Development-GED Diploma
• 2 years experience in IT-Information Technology security, multi-platform, or job-related experience

Desired:

• Bachelor’s degree in Cybersecurity, Computer Science, or job-related discipline or equivalent work experience
• Basic scripting skills
• Knowledge of MITRE ATT&CK Enterprise Matrix
• Knowledge of all layers of the OSI stack
• Formal IT Security/Network Certification, such as WCNA, CompTIA Network+ and Security +, Cisco CCNA, ISC2 CISSP, GIAC GCIH, GMON, GCFA, GCFE, GREM, GICSP, GRID, or other relevant certifications
• Previous experience supporting cyber defense analysis of Operational Technology (OT) Networks, including Industrial Controls Systems (ICS), Supervisory Control and Data Acquisition (SCADA), and Process Control Networks (PCN)
• Utility Industry experience
• Technical knowledge of operating systems (e.g., UNIX, Windows).
• Experience with compliance standards: NERC-CIP, SOX, TSA
• Previous experience working with various Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and digital forensic technologies