Application Security Engineering, Cybersecurity Specialist

tools.

• Provide technical cybersecurity domain expertise with respect to secure coding practices and application design.

• Perform security assessments of software applications to identify vulnerabilities and weaknesses.

• Develop and maintain threat models to identify and mitigate potential security risks.

• Conduct code reviews to identify security flaws and recommend remediation strategies.

• Work closely with development teams to integrate security best practices early into the software development lifecycle to ensure applications are secure by design.

• Collaborate with multi-functional teams to define security requirements and ensure compliance with industry standards and regulations.

• Provide security guidance and training to development teams on secure coding practices and techniques.

• Stay informed about the latest cybersecurity threats, trends, and technologies to continuously improve security measures.

• Participate in security architecture reviews and provide recommendations for enhancing the security of applications and infrastructure.

• Participate in security incident response activities, helping to identify, contain, and remediate security incidents.

As an Application Security Engineering, Cybersecurity Specialist, your work will help power our planet, reduce carbon emissions and create cleaner air for everyone. Are you ready to take on the challenge to help us build the future?

Responsibilities

• Investigates and responds to security alerts including on-call rotation

• Supports the development, design, logistics, and facilitation of internal and external cybersecurity exercises

• Steers the analysis of network traffic and system data to identify anomalous activity and potential threats to resources

• Delivers cyber incident triage including identifying the specific vulnerability and making recommendations which enable expeditious remediation

• Conducts vulnerability research activities, gathers information on new and emerging threats and vulnerabilities

• Reports on and suggests solutions for damage to the data and infrastructure as a result of cyber incidents

• Supports the strategic development of Cyber Security Programs ensuring alignment with the cyber security strategy and develops and improves cyber security procedures owned by the team

• Manages cyber incident trend analysis and reporting

• Creates and maintains high quality documentation related to IT processes including flow charts and data flow diagrams

• Maintains the cybersecurity post-incident after action tracking process

• A material job duty of all positions within the Company is ensuring the protection of all its physical, financial and cybersecurity assets, and properly accessing and managing private customer data, proprietary information, confidential medical records, and other types of highly sensitive information and data with the highest standards of conduct and integrity.

Minimum Qualifications

• Three or more years of experience in information technology, information security and/or cybersecurity.

• US Citizenship Required.

Preferred Qualifications

• Bachelor's degree or higher in Computer Science, Information Technology, or related field.

• One or more years of experience in Cybersecurity.

• One or more years of experience programming and/or scripting.

• Experience in application security, including conducting security assessments, code reviews, and implementing security controls.

• Experience and understanding of secure software development practices, including knowledge of common vulnerabilities such as OWASP Top 10, Verification frameworks such as OWASP ASVS, and Software maturity models such as OWASP SAMM.

• Experience with web application firewalls, penetration testing tools, vulnerability scanning tools, application analysis tools (SCA, SAST, DAST, etc.), and threat assessment tools.

• Experience and proficiency in programming/scripting languages such as JavaScript, Java, Python, PowerShell, Bash and C#, with the ability to analyze and debug code for security issues.

• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Certified Secure Software Lifecycle Professional (CSSLP), Certified Application Security Engineer (CASE), Certified Application Security Professional (CASP+), Offensive Security Certified Professional (OSCP), Certified Web Application Defender (GWEB) and/or any other relevant certifications.

• Experience with secure coding standards such as CWE/SANS Top 25.

• Experience and working knowledge of cloud security principles and cloud platforms such as AWS, Azure, and GCP.

• Experience with Development tooling: IDEs, CI/CD pipelines, Version Control, Ticketing systems.

• Understanding of basic communications protocols and networking.

• Experience and working knowledge of containers and container platforms.

• Superb communication and collaboration skills, with the ability to work effectively with multi-functional teams.

• Strong analytical and problem-solving abilities, with a keen attention to detail.

Additional Information

• This position's work mode is hybrid. The employee will report to an SCE facility for a set number of days with the option to work remotely on the remaining days.u202f Unless otherwise noted, employees are required to work and reside in the state of California.u202f Further details of this work mode will be discussed at the interview stage. The work mode can be changed based on business needs.

• The primary work location for this position is Rosemead, CA. However, the successful candidate may also be asked to work for an extended amount of time in the field throughout the SCE service territory.

• Position will require up to 5-10% traveling between alternate SCE location sites.

• This position has been identified as a NERC/CIP impacted position - Prior to being hired, the successful candidate must pass a Personnel Risk Assessment (PRA) or Background Investigation. Once hired, the candidate must complete specified training prior to gaining un-escorted access to assigned work location and performing necessary job duties.

• US Citizenship required as part of Critical Infrastructure security protocols.

• Relocation does not apply to this position.

About Southern California Edison

The people at SCE don't just keep the lights on. Our mission is so much bigger. We're fueling the kind of innovation that's changing an entire industry, and quite possibly the planet. Join us and create a future with cleaner energy, while providing our customers with the safety and reliability they demand. At SCE, you'll have a chance to grow personally and professionally, making a real impact in Southern California and around the world.

Southern California Edison is a proud Equal Opportunity Employer, including disability and protected veteran status.

We are committed to ensuring that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodations at (833) 343-0727.