Information Security Analyst and Engineer
Job Purpose
The Information Security Analyst and Engineer, a critical role at BETM, monitors and analyzes security information, assists with compliance, engineers and supports security solutions, and supports the maturation and improvement of the information security program at BETM. The position enables secure & resilient operations to facilitate business growth across our energy management & power trading platforms. The candidate will interface with consultants, managed service providers (MSPs), and internal team members to realize a vision for a highly effective security strategy. This role reports directly to the Director of Information Security.
In addition to the core security responsibilities, the Information Security Analyst and Engineer will also support the Infrastructure team with basic system administration items and help desk duties.
Key Responsibilities
- Develop and implement processes and technologies to create a highly effective security program to protect our business platform
- Monitor the organization’s information security systems and analyze alerts, logs and reports
- Analyze vulnerability reports and track remediation of vulnerabilities across systems and teams
- Provide metrics to assess the effectiveness of the Information Security program
- Support security training and awareness initiatives, including phishing campaigns and in-person security training
- Research the latest/emerging IT security trends and technologies
- Stay abreast of current attack techniques and assist with the mitigation of these emerging threats through proactive protection and monitoring
- Participate in the design of security architectures across all application & infrastructure solutions
- Support risk assessments (internal, external, vendor, technology) and information security audits
- Analyze penetration test results and track remediation of findings
- Contribute to security roadmaps and maturity assessments to drive continuous improvement
- Safeguard the company's information technology assets, intellectual property and computer systems by recommending best practices and technologies as appropriate
- Participate in incident response planning and the investigation of security incidents, and assist with security compliance matters
- Continually work to enhance the company’s data loss prevention technologies and processes.
- Respond rapidly to all security incidents, conduct root cause assessments, and recommend solutions to mitigate repeat offenses.
- Support business continuity & disaster planning, testing and recovery efforts
- Validate security solutions provided by MSPs to ensure they are functioning properly and align with internal standards
- Develop and use automation to increase efficiency and effectiveness where appropriate
- Understand and improve Information Security policies and assist with the compliance of such policies.
- B.S. in Computer Science, Information Security or related technical discipline.
- 3 - 5 years of experience in the IT security sector, with hands-on experience implementing security initiatives and analyzing security information
- Be proficient with EDR or SIEM solutions in terms of configuration and investigations
- Competent in various security technologies including firewalls, email gateways, Internet filters, and VPNs
- Must have a strong background in network security and related areas/protocols
- Understand basic operating system, network, and application security concepts
- Familiarity with the NIST Cyber Security Framework
- Working knowledge of network & data center operations
- Experience with Hybrid cloud, public cloud (Azure preferred) and SaaS environments
- Strong analytical and problem-solving skills
- Excellent communication skills and attention to detail
- Strong debugging and troubleshooting skills
- Willingness to learn new skills/technologies and ability to work collaboratively
- Knowledge or experience working in energy or financial services sectors
- Familiarity with NERC CIP, SOX or other regulatory compliance frameworks
- CISSP or other CompTIA or GIAC certifications
- Experience working in Agile environments and DevSecOps practices
- Familiarity with PowerShell and/or Python