SDG&E is an innovative San Diego-based energy company that provides clean, safe and reliable energy to better the lives of the people it serves in San Diego and southern Orange counties. The company is committed to creating a sustainable future by providing its electricity from renewable sources; modernizing natural gas pipelines; accelerating the adoption of electric vehicles; supporting numerous non-profit partners; and, investing in innovative technologies to ensure the reliable operation of the region’s infrastructure for generations to come. SDG&E is a subsidiary of Sempra Energy (NYSE: SRE).

Our highly trained and responsive employees with their diverse skills, talents and ideas are the reason we can deliver on our commitment and are building America’s best energy company. They are also the reason why we have been recognized with the industry’s most coveted awards. Our employees undertake challenging work and receive highly competitive compensation and benefits. As one of the region’s largest employers, we’re always searching for talented and bright people to join our team. After all, it takes the best to build the best. Learn more about benefits HERE.

Diversity and inclusion are core values of SDG&E. Empowering our employees to be their whole selves at work is our competitive advantage. This is where new ideas come from and meaningful collaboration gets an authentic start. By bringing together people with different perspectives, diverse backgrounds and real commitment to their own individuality, we have built a stronger business. Learn more about our commitment to diversity and inclusion HERE.

For more information, visit SDGEnews.com or connect with SDG&E on Twitter (@SDGE), Instagram (@SDGE) and Facebook.

Primary Purpose

The Domain Engineer III – Cybersecurity supports cybersecurity capabilities with emphasis on detecting and reducing risk within organization. Identifies and mitigates risks in technology systems. As a specialist in security techniques, provides visibility across enterprise technology landscape to identify, assess and recommend risk mitigation tasks.

Duties and Responsibilities

• Identifies enterprise-level cybersecurity threats and risks with teams monitoring operational tools in order to reduce risks and vulnerabilities to enterprise. Supports design and evaluating cybersecurity technology and technology tools according to delivery framework for business-critical functional areas, providing expertise and insight to mitigate cybersecurity risk and propose controls. Supports product teams with operational oversight and cybersecurity engineering consulting. Contributes to development of relevant applications and systems. Mitigates risk by integrating cybersecurity earlier in development lifecycle, embracing a continuous monitoring approach in parallel with product teams. Writes documentation for implementations of cybersecurity systems or technology, documenting process and contributing to reports on potential enhancements and proposed controls.
• Evaluates needed technical capabilities and assists in selection of cybersecurity technology (systems, platforms, or networks) with an emphasis on automation to enable strategic capabilities, including risk assessments and process reviews. A capability is a function or service primarily focused on setting enterprise standards or directions and/or running reliable business as usual operations (e.g. a cross-product team such as Quality Assurance or Compliance). Contributes to recommendations to mitigate identified risks. Consults with other teams to provide cybersecurity input regarding system, platform or network enhancements for greater risk mitigation. Partners with other engineers and architects to document cybersecurity impacts are meet performance needs. Provides insights for delivery teams to support adherence to operating company standards and policies.
• Performs analysis and assessment of cybersecurity related capabilities, ensuring adequate performance, risk assessment, and capacity management. Supports maintenance of cybersecurity systems and related technology tools.
• Delivers work in accordance with an agile mindset (a mentality supporting new ways of working emphasizing incremental delivery, value prioritization, often using scrum process). Assists in incremental value creation and business agility, adopting scrum or kanban methodologies as appropriate to their team. Kanban and scrum are frameworks used for organizing work in an agile way, focused on managing the flow of knowledge and operational work and driving continuous improvement for a team.
• Performs other duties as assigned (no more than 5% of duties).

Required Qualifications

• Bachelor’s Degree Information Systems, Software Engineering, Computer Science, related field or equivalent training and/or experience.
• 4 years – Progressive experience working within IT and/or enterprise cybersecurity with experience in cybersecurity process, risk assessments, and troubleshooting of systems.
• 2 years – Experience working with cybersecurity and technology, with experience in endpoint security, network security, risk management, and/or application security. Significant experience performing vulnerability assessments and/or remediating security vulnerabilities, and developing security capabilities.
• Cybersecurity Acumen – Knowledge of cybersecurity design and architecture (application, data, and technical) with understanding of how systems and processes work together as aligned to business and IT imperatives.
• Cybersecurity Engineering – Ability to deliver holistic support to secure systems, identifying threats and vulnerabilities in systems and applications, creating security applications and solutions, designing for resiliency and security to enhance security capabilities protecting data from theft, compromise or attack.
• Cybersecurity Risk Assessment – Ability to evaluate existing systems and solutions for security risk and vulnerabilities, designing solutions and systems that provide quality and traceability of risk data and analytics to inform security recommendations.
• Application Security – Ability to define and operate secure application programs, as well as perform security reviews and tests of applications to meet security and compliance requirements while minimizing the risks of losses through exploitable security defects in applications.
• Vulnerability Management – Ability to perform security reviews and tests to meet security and compliance requirements while effectively minimizing the risks of losses through exploitable security vulnerability.
• DevSecOps Practices – Strong understanding of automation and security concepts and processes (e.g., test automation, code coverage, DevSecOps, Continuous Integration / Continuous Delivery (CI/CD) pipelines, etc.), and ability to drive the integration of development, operations, and security into enterprise software development.
• Identity and Access Management – Knowledge related to design and delivery of solutions for establishing user, applications and device credentials and processes for applying those credentials to access enterprise systems and applications.
• Network Security Skills – Ability to deliver network security services through preventing unauthorized access to network resources (data and voice systems), managing network security related incidents and providing on-going services to maintain network security operations functions (firewall, DNZ, corporate LANs, etc.).
• Development Languages – Knowledge and understanding of one or more IT programming languages and database architectures, and ability to write code and develop applications using those languages.
• Must reside in Southern California or be willing to relocate upon hire.
• We offer a hybrid work environment. Although the schedule may vary, typically this will allow you to work from the office two to three days per week and work remotely on the remaining workdays.

Preferred Qualifications

• 4 years – Experience with National Institute of Standards and Technology (NIIST) Cybersecurity Framework (CSF) or Risk Management Framework (RMF) such NIST 800-53.
• 2 years – Experience with hands-on development and programming of software and systems.
• CompTIA Security+, Global Information Assurance Certification (GIAC) or GIAC Security Essentials (GSEC).
• Software Delivery Frameworks – Strong knowledge of delivery frameworks such as Agile Scrum, Kanban, and/or Software Development Lifecycle (SDLC); proven ability executing projects in a collaborative, fast paced environment.
• IT Service Management – Ability to manage IT services lifecycle (service strategy, design, transition, operation, continuous service improvement) and use DevOps methodology and tools to analyze results.

May require work outside of normal business hours and/or 24/7 response availability for system and application maintenance, enhancements, production releases and/or operational emergencies.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.

Note: SDG&E strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education.

 SDG&E offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as other merit-based recognition. Company benefits include health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.