We Are Sempra: Advancing a Better Future for All
As a premier energy infrastructure company serving 36 million consumers in North America, Sempra embraces its role as a leader in advancing a net-zero future. At Sempra, you can help shape a better future for our communities and our planet, alongside a workforce of 19,000 talented teammates. As an equal opportunity employer, Sempra is proud to bring together people with diverse perspectives and experiences. The company is consistently recognized for its sustainable business practices and long-standing commitment to building a high-performing culture focused on safety, workforce development and training, and diversity and inclusion. Sempra is the only North American utility sector company included on the Dow Jones Sustainability World Index and was also named one of the "World's Most Admired Companies" for 2021 by Fortune Magazine. Join us as we collaborate in providing cleaner, safer and more reliable energy to our customers and communities.
The Domain Engineer I - Cybersecurity supports cybersecurity capabilities with emphasis on detecting and reducing risk within the organization. Assists team in identifying and mitigating risks in technology systems. As an early career engineer, embodies a learning mentality to build specialization in security techniques. Assists team in providing visibility across the enterprise technology landscape to identify, assess and recommend risk mitigation tasks.
Duties and Responsibilities:
* Assists team in identification of enterprise level cybersecurity threats and risks. Under guidance of more senior engineers, monitors operational tools in order to reduce risks and vulnerabilities to the enterprise. Supports design and evaluation of cybersecurity technology and technology tools according to delivery framework for business critical functional areas.
* Actively collaborates with team on recommendations for selection of cybersecurity technology (systems, platforms, or networks) to mitigate identified risks, with an emphasis on automation to enable strategic activities such as risk assessments and process reviews.
* Responsible to actively gain knowledge in cybersecurity expertise, through both formal and informal training opportunities (such as on-the-job training, mentorship, training courses, knowledge assessments). Contributes to development of relevant applications and systems.
* Under guidance, assists in end-to-end assessment of cybersecurity related capabilities (where a capability is a technical service, process, function, or application, e.g. cybersecurity compliance, risk management), focused on supporting performance, risk assessment, and capacity management.
* Delivers work in accordance with an agile mindset. Assists in incremental value creation and business agility, adopting scrum or kanban methodologies as appropriate to their team. Kanban and scrum are frameworks used for organizing work in an agile way, focused on managing flow of knowledge and operational work and driving continuous improvement for a team.
* Participates in reviews and demos of technical specifications and program code as part of technical team, utilizing the opportunity to receive feedback and learn from the work of other engineers. Maintains a growth mindset towards learning, specializing in security techniques.
* Performs other duties as assigned (no more than 5% of duties).
* Bachelor's Degree in Information Systems, Software Engineering, Computer Science, related field or equivalent training and/or experience required.
* 2 years of experience working within IT and/or enterprise cybersecurity with experience in cybersecurity process, risk assessments, and troubleshooting of systems or completion of the IT Rotation Program.
* 1 year of experience working with cybersecurity and technology, with experience in endpoint security, network security, risk management, and/or application security. Significant experience performing vulnerability assessments and/or remediating security vulnerabilities, and developing security capabilities preferred.
* Experience with National Institute of Standards and Technology (NIIST) Cybersecurity Framework (CSF) or Risk Management Framework (RMF) such NIST 800-53 preferred.
* Experience with hands-on development and programming of software and systems preferred.
* Must reside in Southern California or be willing to relocate upon hire.
* We offer a hybrid work environment. Although the schedule may vary, typically this will allow you to work from the office two to three days per week and work remotely on the remaining workdays.
Skills and Abilities:
* Development Languages - Knowledge and understanding of one or more IT programming languages and database architectures, and ability to write code and develop applications using those languages required.
* Cybersecurity Acumen - Knowledge of cybersecurity design and architecture (application, data, and technical) with understanding of how systems and processes work together as aligned to business and IT imperatives preferred.
* Cybersecurity Engineering - Ability to deliver holistic support to secure systems, identifying threats and vulnerabilities in systems and applications, creating security applications and solutions, designing for resiliency and security to enhance security capabilities protecting data from theft, compromise or attack preferred.
* Cybersecurity Risk Assessment - Ability to evaluate existing systems and solutions for security risk and vulnerabilities, designing solutions and systems that provide quality and traceability of risk data and analytics to inform security recommendations preferred.
* DevSecOps Practices - Strong understanding of automation and security concepts and processes (e.g., test automation, code coverage, DevSecOps, Continuous Integration / Continuous Delivery (CI/CD) pipelines, etc.), and ability to drive the integration of development, operations, and security into enterprise software development preferred.
* Identity and Access Management - Knowledge related to design and delivery of solutions for establishing user, applications and device credentials and processes for applying those credentials to access enterprise systems and applications preferred.
* Network Security Skills - Ability to deliver network security services through preventing unauthorized access to network resources (data and voice systems), managing network security related incidents and providing on-going services to maintain network security operations functions (firewall, DNZ, corporate LANs, etc.) preferred.
* Software Delivery Frameworks – Strong knowledge of delivery frameworks such as Agile Scrum, Kanban, and/or Software Development Lifecycle (SDLC); proven ability executing projects in a collaborative, fast paced environment preferred.
* IT Service Management - Ability to manage IT services lifecycle (service strategy, design, transition, operation, continuous service improvement) and use DevOps methodology and tools to analyze results preferred.
Licenses and Certifications:
* CompTIA Security+, Global Information Assurance Certification (GIAC) or GIAC Security Essentials (GSEC) preferred.
* May require work outside of normal business hours and/or 24/7 response availability for system and application maintenance, enhancements, production releases and/or operational emergencies.
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
- Agile Methodology
- Application Security