Cybersecurity Engineer I II III

We are seeking a Cybersecurity Engineer to expand our versatile and growing cybersecurity team in a local mid-size enterprise environment. This role is ideal for someone who enjoys hands-on technical work, close collaboration with coworkers, and opportunities to learn new technologies.

You will work across a wide range of security engineering areas, including cloud identity, endpoint detection, incident response, log collection and SIEM, security tooling administration, detection engineering, and system integrations. No two days are the same, and you’ll have the autonomy to make meaningful decisions that positively impact both the security program and the cooperative.

We are looking for someone who approaches cybersecurity as a position of trust and understands the responsibilities that come with protecting an electric utility's systems and data.

The ideal candidate demonstrates sound judgment, composure under pressure, accountability, curiosity, and enthusiasm for learning and trying new things. You should have experience in cybersecurity engineering, threat hunting, or security analysis with a strong technical skill set. Candidates with a systems administration background who have had direct cybersecurity or incident response responsibilities are also encouraged to apply.

Position Purpose and Objectives:

The Cybersecurity Engineer is responsible for engineering the resilience and security of United Power’s IT environment. This position proactively anticipates and addresses cybersecurity risks by designing and maintaining robust security architectures. By ensuring the continuous operation and trustworthiness of essential services, this role directly and tangibly impacts the cooperative’s mission and the communities it serves.

Reporting to the Director of Cybersecurity, this position delivers comprehensive defensive services and is structured as a multi-level position, designed to recognize professional growth and technical mastery, allowing incumbents to advance in title and responsibility as their proficiency evolves.

This is a hybrid position, eligible to work remotely, subject to the United Power hybrid work agreement. On-site work may require the incumbent to report to any United Power location with little notice, depending on business needs and projects.

Essential Functions and Responsibilities:

Identity & Security Control Engineering

· Engineer and administer Microsoft Entra ID configurations, specifically managing conditional access policies, authentication strengths, access reviews, and application integrations to support an always-verify, least-privilege identity architecture.

· Optimize the Endpoint Detection and Response (EDR) platform by tuning prevention policies, managing updates, and refining and enhancing telemetry to reduce the attack surface.

· Architect and maintain email defense gateways and authentication protocols (SPF, DKIM, DMARC) to neutralize phishing, business email compromise (BEC), and malware delivery vectors.

· Manage the complete lifecycle of digital user certificates by validating employee identities, issuing, renewing, and revoking credentials, and troubleshooting user certificate-related issues.

Security Operations & Incident Response

· Acts as a primary technical responder for security incidents; triages alerts, collects evidence, contains threats, and coordinates remediation efforts across IT and OT teams.

· Serve as the technical escalation resource for complex cases handed off by the service desk or cybersecurity analysts, analyzing and resolving issues that cannot be addressed through standard procedures.

· Provide backup coverage for daily monitoring and triage duties during cybersecurity analyst absences.

· Participate in a rotating on-call schedule to provide 24x7 technical support coverage for critical security incidents and system issues.

Detection Engineering & Automation

· Maintain and tune the Security Information and Event Management (SIEM) platform, ensuring centralized log collection, correlation logic, and alert fidelity are continuously improved.

· Develop and maintain automated integration pipelines between security tools, enabling rapid data sharing and automated response actions to reduce time to remediate.

· Develop and maintain the IT log collection strategy, ensuring that the right data is captured, well-documented, and optimized for forensic value, storage efficiency, and system performance.

· Maintain a situational awareness of cybersecurity risk by reviewing vulnerability and threat intelligence reports.

Continuous Improvement

· Assist in the execution and remediation of vulnerability assessments, control reviews, and penetration tests.

· Participate in exercises to identify gaps and own updates to incident response processes and playbooks based on lessons learned.

· Mentor IT/OT staff and junior security team members on safe computing practices and the effective use of security tools.

· Cybersecurity is a field with consistent change, so at least five percent (5%) of an incumbent’s time will be spent on self-study to increase and maintain knowledge in the field.

· Maintain and follow standards, data governance, change management procedures, and other procedures that deliver a secure and stable environment.

Additional Responsibilities for Cybersecurity Engineer III

· Design and execute hypothesis-based threat hunts to proactively identify adversaries that may have evaded automated detection controls.

· Partner in the strategic design of cybersecurity roadmaps, evaluating emerging technologies, and defining the long-term security architecture for the cooperative.

· Acts as the alternate incident investigation lead during severe security incidents, leads investigative efforts, and functions as an authorized liaison to external incident response teams.

· Design and conduct tabletop exercises to validate defenses.

· Support the technical evaluation of third-party vendors by defining security requirements for new partnerships and contributing to compliance reviews of existing vendors.

· Creates, expands, and maintains professional and productive working relationships with peers and stakeholders. Works collaboratively with colleagues and fosters a spirit of cooperation and inclusion in the workplace.

· Performs other such duties as may be requested or assigned to fulfill the needs of United Power in the interest of good management practice.

Progression and Proficiency:

The Cybersecurity Engineer class series consists of three positions: Cybersecurity Engineer I, II, & III. Positions in the Cybersecurity Engineer class series are flexibly staffed and based on demonstrating proficiency across the core skills and technology areas.

Expected Proficiency Mapping:

· Engineer I: Primarily operates at the Practitioner level (building mastery).

· Engineer II: Primarily operates at the Journey level (autonomous and mentoring).

· Engineer III: Primarily operates at the Expert level (strategic and innovative).

Proficiency levels are defined as:

Novice

· Possess a basic understanding of tasks in this sphere and can perform them with some or no support in a relatively low-pressure environment.

Practitioner

· Demonstrates an advanced understanding of issues and topics in this sphere.

· Able to operate effectively under time constraints and pressure, with minimal or no assistance.

· Implement strategies and tactics to achieve goals and can adapt and improvise when necessary.

Journey

· Capable of operating effectively in conditions of uncertainty and stress.

· Willing and able to improve the skills of Novices when requested.

· Able to evaluate and implement new ideas proposed by Practitioners.

· Contributes to the development of best practices and standards within the sphere.

Expert

· Able to perform complex tasks in conditions of high uncertainty, stress, and conflict, within tight timeframes and with minimal or no mentorship.

· Demonstrates strong collaborative leadership skills and can effectively lead small teams.

· Innovates and introduces new ways of working, organizing, and teaching, and actively shares knowledge with those who are willing to learn.

· Recognized as a thought leader and expert within the organization for topics in this sphere.

Core Skills and Required Knowledge:

Professional Competencies & Cultural Alignment

· Our Values: Demonstrate and champion our valued behaviors: Be generous, be accountable and reliable, have integrity, create connections, inspire confidence in people and solutions, be curious, and strive for excellence.

· Security Frameworks: In-depth working knowledge of CIS Controls, NISC CSF, and DOE C2M2. These are the foundational pillars of our cybersecurity program, and the Engineer must be able to map technical controls back to these standards.

· Systems Thinking: Demonstrated understanding of complex integrated systems, with the ability to visualize architectures and downstream impacts of security changes.

· Communications: Exceptional written and verbal communication skills, specifically the ability to translate technical risk into business language for non-technical stakeholders.

· Collaboration & Growth: A self-starter with a demonstrated aptitude for continuous learning. Must be able to work independently on complex engineering tasks while maintaining deep collaboration with the broader IT team.

Analytical & Investigative Skills

· Threat Analysis: Ability to deeply understand data telemetry (logs, flows, headers) to accurately distinguish between benign anomalies and malicious activity.

· Network Forensics: Demonstrated knowledge of TCP/IP networking and traffic analysis, with the ability to interpret packet captures during incident investigations.

· Impact Awareness: Ability to apply sound judgment to business priorities, risk, and operational impact to ensure security decisions support the organization’s ability to function effectively.

Technical Focus Areas

· Security Control Engineering & Administration

o Concept: Security capabilities rely on resilient, well-engineered, and maintained controls.

o Key Skills: System health monitoring, change and patch management, vendor management, system hardening, and end-user security awareness.

· Identity & Access Management:

o Concept: Establishing visibility and secure access through an identity-driven approach and authentication controls.

o Key Skills: Microsoft Entra ID, Conditional Access Policies, MFA/FIDO2, SSO (OAuth/SAML), PKI Lifecycle, and Kerberos.

· Security Operations & Incident Response

o Concept: Applying informed analysis and decisive action to contain and mitigate security threats.

o Key skills: Environment baseline analysis, incident response frameworks, incident triage, indicator identification, evidence collection and handling, containment execution, and operation of EDR and SIEM platforms.

· Detection Engineering & Automation

o Concept: Establishing visibility and maintaining high-fidelity detection logic and integrations.

o Key Skills: EDR/XDR platform management, KQL (Kusto Query Language), RegEx, YARA/SIGMA rule creation, protocol analysis, forensic tools (Wireshark, Snort, etc.), scripting, and automation.

· Email Security:

o Concept: Defending the organization’s most targeted attack vector.

o Key Skills: Secure Email Gateways (SEG), Protocol Enforcement (SPF, DKIM, DMARC), and deep-dive header analysis for phishing investigations.

· SIEM & Log Collection:

o Concept: Centralizing telemetry to drive high-fidelity alerts and correlation.

o Key Skills: SIEM architecture, log shipping/parsing, threat intelligence integration, and event correlation logic.

Supervision Received and Exercised:

Receives both general and specific guidance and direction from the Cybersecurity Director, the Chief Information Officer, or the IT project managers.

Education, Training, and Experience:

· Education: Bachelor’s degree in computer science, cybersecurity, information systems, or a closely related field.

· Equivalency: A combination of training and progressively responsible experience that results in the required specialized knowledge and abilities that may be substituted for the degree requirements.

· Foundational Background: Demonstrated history of investigating and analyzing alerts and threats for anomalous, suspicious, or malicious activity across endpoint, cloud, or identity domains.

Relevant advanced certifications consistent with the job classification are highly preferred. Examples include, but are not limited to:

· CompTIA SecurityX (formerly CASP+)

· GIAC Certified Detection Analyst (GCDA)

· GIAC Certified Forensic Analyst (GCFA)

· GIAC Certified Incident Handler (GCIH)

· GIAC Cloud Threat Detection (GCTD)

· GIAC Defensible Security Architect (GDSA)

· ISC2 Certified Information Systems Security Professional (CISSP)

· ISC2 Information Systems Security Architecture Professional (ISSAP)

· Microsoft Azure Security Engineer Associate (AZ-500)

· Microsoft Cybersecurity Architect Expert (SC-100)

· Microsoft Identity and Access Administrator Associate (SC-300)

Cybersecurity Engineer I

· Experience: Minimum of two (2) years of relevant work history in roles such as Cybersecurity Analyst, Threat Hunter, or IT Administrator/Engineer with significant security responsibilities.

Cybersecurity Engineer II

· Experience: Minimum of four (4) years of advanced, hands-on cybersecurity engineering experience.

· Forensic Proficiency: Demonstrated experience with digital forensics or a forensic-level understanding of:

o Endpoint: OS internals, registry analysis, file systems, and memory dump analysis.

o Network: Packet capture and deep-dive traffic analysis.

o Cloud: Investigating SaaS/IaaS environments and virtual machine telemetry.

Cybersecurity Engineer III

· Experience: Minimum of eight (8) years of advanced, hands-on cybersecurity engineering experience.

· Strategic Capability: Demonstrated experience in security architecture and design, including the ability to lead complex projects and define long-term technical roadmaps.

· Advanced Operations: Proven ability to lead hypothesis-based threat hunting campaigns and design/facilitate cybersecurity tabletop exercises.

· Forensic Mastery: Expert-level understanding of the forensic domains listed in level II, with the ability to lead major incident investigations.

Discretion/Latitude:

Works independently and collaboratively on the Cybersecurity team. Day-to-day work is largely self-initiated, driven by detection alerts, Service Desk escalations, and strategic priorities established by the Cybersecurity Director or CIO. This position requires judgement to balance security rigor with operational uptime.

Level I/II: Operational Autonomy

· Organizes and drives daily activities based on specific objectives and established procedures.

· Exercises discretion in resolving standard security incidents and configuring systems within defined guardrails.

· Escalates complex or high-risk decisions to senior leadership but is expected to propose solutions alongside the escalation.

Level III: Strategic Autonomy

· Operates with significant latitude, organizing work around broad strategic goals and effectively managing multiple priorities with minimal direct supervision.

· Empowered to make critical decisions during security incidents without immediate approval when necessary to contain threats.

· Influences the technical standards for the team and provides expert validation and mentorship on root cause analysis and complex configuration changes proposed by colleagues.

Impact:

Ensuring the confidentiality, integrity, and availability of the IT environment is essential to a positive, productive experience for end users and members. This position plays a vital role in safeguarding United Power’s technology assets, protecting sensitive information, and ensuring access to critical infrastructure. It is critical to the organization’s ability to securely deliver services to its members.

Liaison:

Collaborates extensively with all internal departments, with a specific focus on deep technical partnerships with IT Operations and OT/SCADA teams to embed security controls into the infrastructure. Externally, this position manages relationships with cybersecurity vendors and service providers, ensuring that third-party deliverables meet United Power’s security requirements. At higher proficiency levels (II/III), this role assumes ownership of vendor strategy and serves as a technical advisor to business leadership on risk decisions.

Essential Physical & Mental Requirements:

· The majority of time requires sitting, bending at the neck, waist, legs, and arms; twisting the body; and changing positions at will. Occasional driving, standing, walking, stooping, bending, kneeling, reaching, and stooping.

· Lift and carry between five and forty pounds (5-40lbs.) frequently and push/pull up to one-hundred pounds (100lbs.) occasionally.

· Requires repetitive motions with hands and fingers such as keyboarding, use of telephones, cell phones, etc.

· Requires close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to focus.

· Noise level in the work environment is moderate. Work requires close attention to detail and accuracy and is varied, with regular interruptions. Work is subject to irregular hours.

Working Conditions:

Work is performed in an office-setting ninety-five percent (95%) of the time. Five percent (5%) of the time, work may involve a support role outdoors, in a warehouse, or in a maintenance environment (dust, uneven surfaces, and all types of weather and temperature variations).

Department: Information Services FLSA Status: Exempt Grade: I/II/III: 19/20/21 Updated: January 2026

NOTE: This position description is not intended to be all-inclusive; an employee will also perform other job responsibilities as assigned by the immediate supervisor or management.

Management reserves the right to change position descriptions, specifications, or work schedules to accommodate individuals with disabilities or as needed.

This position description does not constitute a written or implied contract of employment.

In addition to a competitive salary, we offer a generous benefits package that includes an employee retirement plan, 401K with match, paid holidays, vacation & sick leave, medical, dental, vision, short-term disability, long-term disability, and life insurance. For a full list of benefits, please visit our careers page at https://www.unitedpower.com/careers.

We are interested in every qualified candidate who is eligible to work in the United States. However, this position is not eligible for visa sponsorship.

United Power is an Equal Employment Opportunity Employer. United Power prohibits discrimination against applicants or employees on the basis of age 40 and over, race, gender identity, sex, sexual orientation, color, religion, military or veteran status, national origin, disability, genetic information or any other applicable status protected by state or local law.

Job Type: Full-time

Pay: $97,700.00 - $143,185.00 per year

Benefits:

- 401(k) matching

- Dental insurance

- Health insurance

- Health savings account

- Paid time off

- Retirement plan

- Tuition reimbursement

- Vision insurance

Work Location: Hybrid remote in Brighton, CO 80603