Job Details

Information Security Specialist 2 or 3 (Application Security)

NW Natural

Job - Corporate/Business

Close Date: 01/19/2020

Non-Union Position
IS Security & Analytics; Portland, Oregon (US-OR)
Regular FT
Posting # 149

General Purpose:
As an Information Security Specialist 2 or 3 (Application Security), you would be a member of the Security Operations Team and collaborate with our application development teams as we build an application security program. Your responsibilities would include people, process, and technology. You would conduct threat modeling and application security testing as well as translate between developers and security team members. This is a key role in a technology organization, maturing its processes and modernizing its technology.

Roles and Responsibilities:
Application Vulnerability Management
You (with support from the security team) would develop and lead our secure software development lifecycle collaboratively with development teams:
Cooperate and communicate effectively with development teams incorporate security throughout development processes
Guide development teams to secure coding standards to address common coding vulnerabilities
Conduct threat modeling
Create a software source code review process that is a part of the development lifecycle
Conduct application security testing for applications to assess the vulnerabilities
Define testing criteria for systems and applications
Analyze the results of assessments and recommend risk mitigation strategies
Deploy, tune, and run application vulnerability-scanning tools

Security Consulting
Collaborate on projects to ensure that security issues are addressed throughout the project lifecycle
Provide ad hoc consulting on tactical security topics
Research, evaluate, design, test, recommend, and plan new or updated information security technologies

Security Awareness and Training
Partner with developers to improve the security of our code and increases their understand of how to secure applications

Security Monitoring
Review alerts from security monitoring tools
Research and assess new threats and vulnerabilities

Incident Response
Respond to security incidents including leading the response for smaller incidents
Liaise between incident response leads and subject matter experts
While the security monitoring and incident response responsibilities mean that there is an after-hours component to this role, typically it is less than one hour per week.

Qualifications and Experience:
Educational Qualifications
Minimum of six years' software development and/or information security experience, additional years’ experience required for level 3.
Bachelor's degree or equivalent additional work experience
ITIL Foundations certified or successful completion within 90 days of starting

Technical Competency
Strong understanding of business applications, including ERP and financial systems
Understanding of different Software Development Lifecycles (for example scrum, waterfall, agile) and how to incorporate security into those processes
Strong knowledge of secure coding and application security testing practices and tools
Ability to develop security requirements of an application in development
Ability to perform code analysis, interpret results, and help direct mitigation
Understanding of how X.509 certificates (also called PKI certificates or SSL certificates) provide confidentiality and authentication in TLS
Understanding of different forms of authentication, for example OAuth2 and SAML
Understanding best practices concerning authentication/authorization/roles/policies for system to system communication and integration, including strategies for securing applications with third party organizations and providers

Occupational Personality
You’ll interact with NW Natural's personnel at various levels and across business units to understand business imperatives.
Strong communication and facilitation skills will be key to your success, as well as leadership abilities with the capability to direct other technical staff on security initiatives and guide team members
You are comfortable working with minimal supervision and have strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Your ability to manage expectations appropriately will help build long-term relationships.
You’ll remain current with industry trends and evolving threats.

What we offer:
Arguably the most competitive healthcare and wellness benefits in the Pacific Northwest
Meaningful Annual Incentive Bonus Opportunity in addition to base salary
401(k) with generous match and additional 5% employer contribution
Company provided Trimet or C-Tran passes/Bike storage for cyclists
Green Team / Diversity, Equity & Inclusion Council / Safety Team / Women’s Network
Numerous volunteer and community engagement opportunities
Employee Stock Purchase Plan with a 15% discount
20% Employee discount on Natural Gas
7 Paid Holidays and up to 3 floating holidays to add an extra paid day off to Holidays Observed by NW Natural
Flexible work schedule opportunities

Base salary range:
Level 2 - $81,300.00 - $112,550.00
Level 3 - $103,200.00 to $142,850.00

Application Process: To be considered for this position, submit a complete electronic application including cover letter and resume via our website.

Deadline: January 19, 2020

All applications must be submitted through NW Natural’s Electronic Application System. Resumes submitted via email, fax or mail will not be accepted in lieu of an electronic application.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, sexual orientation, gender identity, veteran status, disability or any federal, state or locally protected class.

We are a drug free workplace and we comply with Federal Drug Free Workplace Act and Department of Transportation regulations. Pre-employment drug tests are part of the hiring process and apply to all positions.

NW Natural does not accept unsolicited submissions or assistance from search firms for posted positions. Resumes submitted by search firms working under a valid and current written contract with NW Natural valid written Statement of Work in place for this position from NW Natural HR/Employment will be deemed the sole property of NW Natural. No fee will be paid in the event the candidate is hired by NW Natural as a result of the referral or through other means.