Senior Cybersecurity Engineer

Talen Energy is looking for a dynamic Senior Security Engineer with additional experience with NERC CIP compliance and functional knowledge of NERC EACMS. In this role, you will collaborate closely with IT and stakeholders, and various business units to ensure the security and integrity of the enterprise. You will audit configurations, integrate, manage, and monitor security controls and systems. You will proactively seek threats and vulnerabilities that drive the vulnerability management cycle. Your expertise will be essential in maintaining compliance with security standards and protecting our digital assets.

How You’ll Power the Future

At Talen Energy, your work fuels progress. In this role, you’ll do more than contribute you’ll drive meaningful change by:

• Work in a self-directed environment and capable of providing consistent results with minimal daily guidance.

• Develop IT security policies and procedures and implement necessary controls and procedures to cost effectively protect information technology assets from intentional or inadvertent modification, disclosure, or destruction.

• Exhibit technical skill in configuring and maintaining cyber security tools.

• Oversee ongoing operations of security assets to ensure that a defense in depth security model is in place. Ability to deploy, manage and maintain all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus/endpoint security software.

• Participate in penetration testing of all systems to identify system vulnerabilities.

• Ability to review logs for unusual or suspicious activity, interpret and make recommendations for resolution.

• Recommend, coordinate, and apply fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.

• Collect meaningful metrics and key performance indicators for reporting cyber security threats and trends.

• Focus on customer by providing business value. Build partnerships with key contacts in the business line by understanding their business needs, communicating these needs to appropriate IT staff, vendors, and consultants, and developing solutions to those problems.

• Produce communications both oral and written to a variety of audiences. Effectively interact on business or technical matters and convey complex and/or critical material in an easy-to-understand style and manner.

• Problem solving. Assure timely resolution of operational problems by utilizing effective problem management techniques. Display the highest level of critical thinking; making timely and sound decisions; reach decisions under conditions of uncertainty.

• Support internal and external IT and security audits as needed.

• On-call rotation assignment.

• Occasional travel as requested.

NERC CIP areas of responsibility include:

• NERC CIP Compliance which Includes maintaining NERC procedures and logs and other required documentation.

• NERC EACMS (Electronic Access Control or Monitoring Systems) are cyber assets that perform electronic access control or monitoring for the Bulk Electric System (BES) Cyber Systems or Electronic Security Perimeters.

  • Maintain all NERC CIP defined equipment to ensure they are kept up to date with all the latest cyber security updates

• Identify and investigate potential anomalies and/or non-compliances and escalate to management, as necessary; perform root cause analyses and develop corrective actions to mitigate the potential reoccurrence of near-misses and/or non-compliances.

• Assist in the preparation of self-reports.

• Support and assist in all efforts to prepare, draft, and coordinate materials responsive to regulatory questionnaires, and other Requests for Information.

What You Have

Minimum Requirements

• One Industry certification required. CISSP, CCSP

• A minimum of 10 years in IT/systems engineering with 5-7 (can be concurrent) years in Cybersecurity disciplines.

• A bachelor's degree in computer science, Information Technology, Information Security, or related discipline may be considered as substitution for experience.

• Advanced understanding of security control environment (access control, logging, authentication, encryption, integrity, etc.); Experience coordinating corporate-wide initiatives for obtaining security related assurances.

• Ability to use logic and reasoning to identify the strengths and weaknesses of alternative; solutions, conclusions or approaches to problems.

• Working knowledge of the inner workings of identity and access management principles such as OAuth, OIDC, SAML, and SCIM.

• Experience designing and implementing identity and access control methodologies and policies (i.e. RBAC and ABAC)

• Security Controls Assessment Experience.

•  Extensive experience with Information Security solutions including DLP, NAC, SASE, NGFW, EDR, XDR, SIEM, IAM, IDPs

• Understanding of DevSecOps principles and practices.

• Experience leading security projects, collaborating with cross-functional teams, and driving security initiatives.

• Proven experience in incident response activities, including identifying and mitigating security incidents and conducting post-incident analysis.

• Threat Hunting, Vulnerability mgt., SIEM, Cloud Security

• Proficient in NIST, ISO 2700(2), CIS, SOC, CCM

Preferred Qualifications

• CyberArk EPM, Privilege Cloud

• CrowdStrike Falcon

• Identity Providers such as Okta, Entra ID, AWS Identity Center

• AWS Security Hub, AWS Inspector, GuardDuty

Why Talen Energy?

Power the Future

Talen Energy is one of the largest competitive energy and power generation companies in North America. We operate power plants that use diverse fuel sources in the most attractive wholesale power markets and sell energy to wholesale and retail customers in selected competitive markets. Our passion for excellence grows value through safe and efficient operations. We have an inclusive, diverse, respectful, and collaborative workplace, and a strong commitment to innovation, teamwork, and integrity. We generate energy for a brighter tomorrow.

Collaboration

Our passion for excellence grows value through safe and efficient operations. We have an inclusive, diverse, respectful, and collaborative workplace.

Talen Energy offers an exceptional benefits program to its employees. Benefits include comprehensive health, dental, vision, prescription plans, life insurance, and disability insurance.  In addition, employees are eligible to participate in Talen Energy’s 401(k) plan.  Talen Energy also provides competitive vacation and sick time to its employees.

Talen Energy is an equal opportunity, affirmative action employer dedicated to diversity and the strength it brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, sex, religion, national origin, veteran status, sexual orientation, genetic information, gender identity, disability, perceived disability or any other protected characteristic as may be defined by applicable law.

If you need assistance with the application process, please email us at [email protected]

Please be aware that Talen Energy requires extensive Nuclear Power Plant background security clearance.

#LI-EF1

Note: You will have an opportunity to add attachments to your application. Please use this opportunity to upload your resume, cover letter, and any relevant documents .