PSEG

Manager, Vulnerability Management and Application Security

Bethpage, New YorkFull-time
About the Job
We’re one of the country’s largest energy companies, with a vision of powering a future where people use energy more efficiently and it’s safer and delivered more reliably than ever. We’re also deeply connected to the communities we serve, with more than 13,000 employees working together to support our customers and make a difference every day.
Here, you’ll have the stability and exciting opportunities that come with being a Fortune 500 company — along with a supportive, friendly work environment where your contributions are valued. We know life isn’t one-size-fits-all, and neither is work. That’s why we offer flexible work options depending on the role. 
In support of this model, roles have been categorized into one of three work location categories:
Onsite – roles where employees are expected to be onsite daily.
Hybrid fixed – roles that are a mix of remote work and onsite work fixed days each week.
Hybrid flexible – roles that are a mix of remote work and onsite work, but the onsite requirements have greater flexibility. (i.e. 5-8 days a month vs. set days each week).
As an employee, if you are regularly scheduled to work 20 or more hours per week, you will have access to a wide range of comprehensive benefits designed to support your total well-being: medical, dental, vision, paternal leave and family leave programs, behavioral health programs, 401(k) with company match, life insurance, tuition reimbursement, and generous paid time off.
More than 13,000 people already call PSEG their work home, taking pride in providing safe, reliable service to millions of customers. If you’re looking for a place where you can build a meaningful career and help power and support our communities, we’d love to welcome you to the team.
PSEG is not offering visa sponsorship for this posit

Job Summary:
This position leads Information Security staff in the evaluation of risks and threats, development, implementation, communication, operation, monitoring and maintenance of the IT security policies and procedures to promote secure and uninterrupted operation of all IT systems, applications and infrastructure. In this role, you will be responsible for proactively identifying, prioritizing, and tracking security vulnerabilities across the PSEG’s network and systems. You will also be responsible for conducting security assessments, running penetration tests, review Cyber threat intelligence and providing relevant data to parties to action upon. This role will perform red team exercises mimicking adversary practices while leveraging similar tools and techniques. To be successful in this role you must have a broad understanding of information security and experience in application security, DevSecOps (Development, Security, and Operations) vulnerability management, and cyber exploitation techniques in an evolving artificial intelligence driven world. You must also possess excellent problem-solving and communication skills and proven people management experience.

Job Responsibilities:
  • Cyber Assessment & Vulnerability Management lead is responsible for the overall lifecycle of the Cyber Assessment & Vulnerability Management program.
  • Inform, advise, and partner with IT, Security, and other business units to help better secure their operations. Identify gaps in current processes, workflows, and design and recommend changes or enhancements as needed.
  • Participate in Change Management Process, from early Assessment of proposed changes/enhancements, through Vulnerability scanning and recommended remediation before go-live.
  • Participate in incident response activities as needed. Ensure cross-company processes around threat & vulnerability management are adhered to. This includes tracking SLAs, discovery, and handling of any finding. Maintain situational awareness, identification, tracking, and ensuring action on industry news related to software vulnerabilities, including zero-day vulnerabilities and emergency patching.
  • Implement and operationalize advanced Vulnerability Management reporting tools. Design, develop and operationalize Vulnerability Management metrics. Design and Implement advanced Vulnerability dashboards. Evaluate performance, perform career development, coaching and counseling and manage compensation for Cyber assessment staff.
  • Responsible for conducting security assessments & penetration tests. Review Cyber threat intelligence and ensures and provide relevant data to parties within the Cyber Assessment & Vulnerability management teams to action upon. Oversee regular red team exercises to proactively emulate attackers TTP and report back findings so security engineering and operations can improve their defenses.
  • Create, perform tabletop exercises exercising mimicking adversary practices testing PSEG LI’s ability to respond to cyber incidents.

Job Specific Qualifications:
  • Bachelor's degree and 8 years of relevant cyber security experience
    • Candidates without a degree, will need 12 years of cyber experience.
  • Experience within vulnerability/compliance management, penetration testing, and/or threat hunting.
  • Ability to present to all levels of management and executive leadership.
  • Excellent teamwork, facilitation, relationship building, and negotiation skills.
  • Able to maintain positive working relationships both leading and as part of a team.
  • Effective time management skills and able to multi-task effectively.
  • Able to communicate effectively with both technical and non-technical individuals.
  • Compliance with the Department of Energy's regulation 10 CFR 810 is required.

Desired:
  • Certified Information Systems Security Professional (CISSP), or equivalent.