
Information Security Engineer Sr

Entergy

Job Description

Posted on: September 19, 2024

Summary and company overview

Brief Position Description

The OT Cyber Security team executes and/or oversees the activities required to secure Entergy’s critical systems and assets as well as meet or exceed Entergy’s commitment and obligation to the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards. This position’s primary responsibility will be the maintenance and operations of Entergy’s OT Tripwire platform for configuration baseline monitoring. This position is expected to have operational experience in areas of information technology, operational technology, and cyber security, with experience working in an electrical utility environment, professional auditing, and risk-based compliance processes preferred. Engineers are accountable for performing daily assigned activities, escalating issues identified while performing those activities, and identifying and implementing process improvement opportunities, while ensuring Entergy can demonstrate compliance with the NERC CIP requirements.

Company Overview

Work Place Flexibility: Hybrid

Legal Entity: Entergy Services, LLC

This position will be filled in The Woodlands, TX or New Orleans, LA; however, this position may also be filled in Little Rock, AR.

Responsibilities

  • Maintenance and operations of Entergy’s OT Tripwire and IP360 platform for configuration baseline monitoring, including but not limited to:
      • Security policy creation
      • Asset tagging and maintenance
      • Configuring scanning settings
      • Backend database maintenance
      • Agent maintenance and triage
      • Platform and agent updates
  • Ensure OT cyber assets meet or exceed regulatory requirements and industry best practices
  • For OT environments, responsible for ensuring security and compliance with relevant regulatory compliance requirements (e.g. North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP), etc.), including but not limited to:
      • Configuration baselines and monitoring
      • Electronic Security Perimeters (ESP)
      • Asset inventory and classification
      • Commissioning new assets including substations, control centers, data centers
      • Security monitoring, logging, and alerting
      • Malware prevention and vulnerability management
      • NERC CIP Transient Cyber Asset protections
      • Security patch management
  • Daily reconciliation of configuration baseline changes against change authorizations to detect unauthorized deviations.
  • Level I triage of detected cybersecurity logging failures. Collaborate with asset owners/stakeholders regarding cyber assets that have failed logging.
  • Maintenance of cyber asset inventory information for accuracy.
  • Facilitate change management reviews, task completion, and evidence corresponding work.
  • Monitor systems for non-compliance with standards and escalate to appropriate members of leadership.
  • Support change management initiatives, security assessments and Change Advisory Board reviews
  • Participate in disaster recovery planning, preparation, and testing.
  • Support other departmental initiatives such as vulnerability assessments, penetration testing, internal assessments/tiger teams, or as stakeholders in other teams’ capital projects
  • Be an active member in preparation for audits
  • Participate in audit interviews as directed by leadership
  • Identify and implement improvement opportunities including automation, tool configuration, and process changes.
  • Support department projects, such as new hardware deployments, software upgrades, capability enhancements, etc.
  • Expand services provided as directed by leadership.
  • Other duties as required

Job Requirements

Required Qualifications

  • Bachelor’s degree in Computer Science, Information Systems, MIS or a related discipline or equivalent work experience.
  • Minimum Years of Experience: 10+
  • 8+ years of technical experience in data collection and analysis.
  • 8+ years of experience in Cyber Security; preferred domains include Configuration Monitoring, Backup & Recovery, Change Management Oversight, Asset Reuse and Disposal, NERC CIP, NIST CSF, Security Controls planning and/or auditing, security monitoring and analysis.
  • Hands-on expert experience with, and deep understanding of, Tripwire is required. Experience/knowledge of other configuration monitoring tools (e.g. Industrial Defender) is a plus.
  • Excellent communication skills
  • Expert knowledge of PC, presentation, word processing and analytical software
  • Strong data collection and analysis skills
  • Strong ability to work in cross-functional teams
  • Strong problem-solving skills
  • Strong organizational and time management skills
  • Strong understanding of regulatory and compliance requirements; NERC CIP and/or SOX preferred
  • Expert understanding of cyber security principles
  • Strong skills and experience in cyber security technical competencies (e.g. security tools, processes, etc.)
  • Continuous Improvement mindset. Can develop or propose automation and/or process improvements to improve efficiencies.
  • Understanding of NERC CIP Standards
  • Understanding of security impacts of other regulations (NRC 10 CFR 73.54, SOX, HIPAA, etc.)
  • Knowledge of security, risk, and control frameworks, standards, and best practices such as ISO 27001 and 27002, SANS-CAG, ITIL, NIST CSF, NIST 800-53, C2M2, etc.
  • Understanding of multiple cyber security domains, such as:
      • Asset, Change, and Configuration Management
      • Threat and Vulnerability Management
      • Risk Management
      • Identity and Access Management
      • Situational Awareness
      • Incident Response and Continuity of Operations
      • Third-Party Risk Management
      • Cybersecurity Architecture
      • Cybersecurity Program Management
  • Understanding of SIEM, password management, security monitoring, vulnerability detection/management, and malicious software prevention technologies such as Splunk, Tripwire, Symantec, BeyondTrust, Dragos, Nessus, Qualys, etc.
  • Knowledge of multiple OS and platforms (e.g. Windows, Linux, UNIX, Cisco IOS, Check Point Gaia, etc.)
  • Understanding of current cyber security trends and best practices in technology, as well as monitoring best practices and tools
  • Hands-on technical engineering and process management skills and the ability to advocate positive transformation within the broader information technology organization
  • Knowledge of scripting languages such as PowerShell or Python
  • Ability to work effectively with team members and with customers
  • Commitment to customer service with strong oral and written communication skills
  • Self-motivated, with ability to manage and follow-up on multiple tasks simultaneously.
  • Capable of meeting deadlines

Preferred Qualifications

  • Certification/License: Cybersecurity certification preferred (e.g. CISSP, CISA, CRISC, etc.)
  • Experience with OT environments preferred.
  • Experience working in an on-call team rotation preferred
  • Experience working with outsourced teams

