Sr. IS Analyst – Infrastructure and Perimeter (Hybrid)

  • Full-time

Company Description

The California Independent System Operator (ISO) manages the flow of electricity across the high-voltage, long-distance power lines that make up 80 percent of California's power grid. We safeguard the economy and well-being of 30 million Californians by operating the grid reliably 24/7.

As the impartial grid operator, the California ISO opens access to the wholesale power market that is designed to diversify resources and lower prices. It also grants equal access to 25,865 circuit-miles of power lines and reduces barriers to diverse resources competing to bring power to customers.

The California ISO's function is often compared to that of air traffic controllers. It would be grossly unfair for air traffic controllers to represent one airline and profit from allowing that company's planes to go through before others. In the same way, the California ISO operates independently—managing the electron traffic on a power grid we do not own—making sure electricity is safely delivered to utilities and consumers on time and reliably.

The California ISO is committed to the health, safety, and work/life integration of its employees and is proud to offer flexible work arrangements. This position would be eligible to participate in a hybrid remote schedule (3 days at our beautiful Folsom campus, 2 days working from home). Relocation assistance is available.

Job Description

Under the general direction of the Manager, responsible for the implementation and operation of Information Security Infrastructure, Perimeter and continuous security monitoring solutions. Designs, documents, and tests solutions in the Information Security Infrastructure space.

What You Will Be Doing:

  • Leads the analysis, design and programming activity for implementation of Information Security Infrastructure solutions.
  • Develops, maintains, supports and optimizes information security infrastructure for key functional areas including, but not limited to, network infrastructure, server infrastructure, data communications, and telecommunications systems.
  • Prepares for and participates in threat hunting and security incident response activities. This includes working with ISO support teams to develop response readiness.
  • Collaborates with customers, subject matter experts, architects, development team, implementation support and production support staff to define technical specifications, solution scope and objectives.
  • Identifies and evaluates complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
  • Supports the architect team in the design of Information Security Infrastructure solutions through client requirements specification, solution design and product selection.
  • Creates and maintains relevant security policies, processes, and procedures.
  • Continuously monitors, reviews and reports on security posture and improvement recommendations.

Qualifications

Level of Education and Discipline:

  • A Bachelor's degree (BA, BS) or equivalent education, training or experience in Computer Science, Engineering, or related technical field. 
  • Master's degree preferred.

Amount of Experience:

Equivalent years of education and training, plus five (5) or more years related experience.

Certifications:

DoD 8570 IAT Level 3 baseline or equivalent professional certifications required (i.e., CISSP or CISA).

Network certifications (CCNP) and GIAC GWAPT, GCIH, GCIA or equivalent certifications desired.

Type of Experience

  • Experience in an Information Security corporate environment with Information Security Infrastructure. 
  • Experience with network infrastructure, system administration, network and application security concepts. 
  • Experience with various types of testing (i.e., unit/functional testing, system integration testing, user acceptance testing, performance testing, vulnerability testing, etc.).
  • Proven expertise in least privilege access and defense in depth principles. 
  • Experience administering and troubleshooting UNIX/Linux and Windows Operating Systems.
  • Solid knowledge and experience in IT Architecture, Firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), Web Application Firewalls (WAF), load balancers, web content filtering, next generation and network based anti-malware detection and threat prevention solutions, security incident and event management (SIEM) solutions, threat hunting, incident response, and data loss prevention (DLP) solutions. 
  • Prior experience with regulatory oversight (i.e., NERC/CIP) desired.

Additional skills and abilities:

  • Must be able to work effectively in a team environment as facilitator and team member. 
  • Excellent analytical, verbal and written communication and documentation skills required, with a demonstrated attention to detail. 
  • Excellent planning and organizational skills. 
  • Ability to use deductive reasoning and analytical thinking with sound judgment and decision-making skills. 
  • Strong interpersonal and conflict resolution skills are also essential. 
  • Must be self-starting and willing and able to work independently in a dynamic corporate organization under pressure of tight deadlines and aggressive expectations. 
  • Self-motivated, with problem-solving skills and the ability to influence others without direct authority.

Additional Information

All your information will be kept confidential according to EEO guidelines.