Expert Penetration Tester
Concord, CA

Job Description

Requisition ID # 17571

Job Category : Information Technology

Job Level : Individual Contributor

Business Unit: Gas Operations

Job Location : Concord

Company

Based in San Francisco, Pacific Gas and Electric Company, a subsidiary of PG&E Corporation (NYSE:PCG), is one of the largest combined natural gas and electric utilities in the United States.And we deliver some of the nation's cleanest energy to our customers in Northern and Central California. For PG&E, Together, Building a Better California is not just a slogan.It's the very core of our mission and the scale by which we measure our success. We know that the nearly 16 million people who do business with our company count on our more than 24,000 employees for far more than the delivery of utility services.They, along with every citizen of the state we call home, also expect PG&E to help improve their quality of life, the economic vitality of their communities, and the prospect for a better future fueled by clean, safe, reliable and affordable energy.

Pacific Gas and Electric Company is an Affirmative Action and Equal Employment Opportunity employer that actively pursues and hires a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color,national origin, ancestry, sex, age, religion, physical or mental disability status, medical condition, protected veteran status, marital status, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic informationor any other factor that is not related to the job.

Department Overview

The Cybersecurity function is led by PG&E's Vice President - Chief Security Officer and is responsible for cybersecurity and risk management across the organization.

The Security Intelligence and Operations Center (SIOC) is responsible for ensuring that PG&E proactively identifies and assesses threats to its user and operational network and data, monitors its network for malicious activity, investigates intrusions and other relevant events, and has a sophisticated and detailed understanding of the evolving threat landscape.

Position Summary

The Penetration Tester, Expert will be responsible for the assessment, verification, review, and audit of security/privacy controls and overall security/privacy stance across the Pacific Gas and Electric Company enterprise. The successful candidate will execute and support assessments, audits, tests, and verification activities for the service areas under Pacific Gas and Electric Company's Security Intelligence and Operations Center (SIOC). This position will create and maintain SIOC testing infrastructure, correlation tools, documentation, and training.

The work schedule is Monday - Friday, regular day shift hours (7am - 9am start, 8 hour day with 30 minutes for lunch).

The work location is in Concord, CA.

Qualifications

Minimum:

* 6 years Penetration Testing experience
* Bachelors degree in Computer Science, Network & Security, or related discipline or equivalent work experience OR Associate degree in related discipline plus two years additonal work experience in addition to the above required 6 years.

Desired:

* SANS Cybersecurity certificate, WCNA, or similar
* Knowledge of exploits and how to use Metasploit/meterpreter
* Knowledge and experience in setting up VMs for malware analysis Knowledge of the NVD, CVE, CVSS and its applicability to Penetration and Red Testing
* Knowledge of APT TTPs and how to replicate their attack methodology
* Experience with Web Application Testing and Secure Code review

Responsibilities

* Ensure and validate that security controls are operating effectively.
* Review test results or interpret evidence for vulnerabilities, gaps, and control deficiencies and work with business stakeholders to establish plans for sustainable resolution.
* Develop red test parameters, vulnerability-testing code writing capability, and other analytical tools to support security testing services.
* Document in detail, the results of assessments, audits, tests, and verification activities.
* Develop situational awareness, stay informed of current technology and vulnerabilities, and contribute to PG&E and industry in the area(s) of their specialty.
* Provide support cross functional support to incident response analysts and other teams within SIOC.