Title: Information Security Engineer III or Sr (OT Cyber Security) Date: Jul 9, 2021 Legal Entity: Entergy Services, LLC Description: *** Thispositionmay be filledin any city within Entergy's service territory *** At Entergy, we've been planning for the future for more than 100 years. We've experienced a lot of change, generating power first from sawdust to now splitting atoms, harnessing sunlight and using abundant, clean and efficient natural gas. We are on the verge of a monumental technology convergence, where reality swiftly catches up to possibility. The utility of the future does much more than keep the lights on and the gas flowing. It's knowledgeable and skillful workforce will solve challenges and fuel a brighter, smarter, more prosperous future for everyone. Having the lowest retail electricity rates of any utility in the United States drives economic growth within Entergy's region, a key ingredient to sustained growth for any utility. We also believe a diverse workforce committed to personal and professional growth is critical to our success. We place a high priority on developing talent to meet current and future needs, giving employees opportunities to grow their careers their way. Brief Position Description The OT Cyber Security team executes the activities required to secure Entergy's critical systems and assets as well as meet or exceed Entergy's commitment and obligation to the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards.This position is expected to have operational expertise in areas of information technology, operational technology, cyber security, electrical power, professional auditing, and risk-based compliance processes. Engineers are accountable to perform daily assigned activities, escalation of issues identified while performing daily activities, and identification and implementation of process improvement opportunities while ensuring Entergy is able to demonstrate compliance with the NERC CIP requirements. Key responsibilities include: Support implementation and maintenance of the OT asset life-cycle management Ensure OT cyber assets meet or exceed regulatory requirements and industry best practices For OT environments, responsible for ensuring security and compliance with relevant regulatory compliance requirements (e.g. North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP), etc. Including but not limited to: Functional Groups (Ports & Services) Electronic Security Perimeters (ESP) Asset inventory and classification Commissioning new assets including substations, control centers, data centers Configuration management and security baselines Monitor systems for non-compliance with standards and escalate to appropriate members of leadership. Support change management initiatives and weekly activities, including Change Advisory Board review and approvals Participate in disaster recovery planning, preparation and testing. Be an active member in preparation for required audits Participate in audit interviews as directed by leadership Identify and Implement process improvement opportunities Expand services provided as directed by leadership Other duties as required Experiences needed Level III: 3 to 5 years of cyber security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, application security, database, risk management, project management, etc.) Level Senior: 5 to 7 years of cyber security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, application security, database, risk management, project management, etc.) Experience working with outsourced teams Exposure to operational best practices like ITIL Understanding of vulnerability assessment, event management, operations, incident management and reporting Understanding of SIEM, configuration and monitoring technologies such as Splunk, Tripwire, Symantec Understanding of NERC CIP Standards Ability to work effectively with team members and with customers Strong organizational and time management skills Minimum knowledge, skills, and abilities required of the position Hands-on technical engineering and process management skills and the ability to advocate positive transformation within the broader information technology organization Commitment to customer service with strong oral and written communication skills Knowledge of multiple UNIX OS platforms and Windows-based operating systems Knowledgeable about security operations, cyber security monitoring, intrusion detection, and secured networks Strong knowledge of security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54) Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL Understanding of current IT Security trends and best practices in technology, as well as monitoring best practices and tools Knowledge with scripting languages such as Perl or Python Strong writing and communication skills Available to travel Self-motivated, with ability to manage and follow up on multiple tasks simultaneously Capable of meeting deadlines Education Associate's degree in computer science, cyber security or a related discipline or equivalent work experience. Bachelor's degree preferred. Any certificates, licenses, etc., required for the position ISACA certification, such as CISSP, CISM, CISA recommended Relevant vendor credentials offered by companies such as Cisco recommended #LI-JL1 Primary Location: Texas - The Woodlands Job Function: Information Technology FLSA Status: Professional Relocation Option: No Relocation Offered Union description/code: NON BARGAINING UNIT-NBU Number of Openings: 1 Req ID: 100759 Travel Percentage: 25% to 50% An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the full statement. WORKING CONDITIONS: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.