Address
Form of workJob Description
SDG E is not just an energy company, we are the architects of a brighter, cleaner future. Our employees power everyday life for 3.7 million people - bringing the energy to support their passions, ambitions, and the heartbeat of our community.
We call Southern California our home. It's where we chase our dreams and raise our families. That's why the people who live here deserve an energy company unlike any other, and that's why every day, SDG E employees strive to be at the forefront of innovations to reduce emissions, modernize the electric grid, and enable our customers to make the transition to clean technologies. We're redefining sustainability, advancing zero-emissions solutions, and driving the electric vehicle revolution.
It takes the best to build the best - join us!
Primary Purpose:
The Domain Architect - Cybersecurity defines overall direction of architecture for cybersecurity, aligned to business strategy and enterprise architecture. Translates strategy into blueprints and designs for the overall architecture of the company's cybersecurity capabilities to ensure that the balance between business outcomes and security risk is maintained. As a specialist in cybersecurity, facilitates and defines IT architecture solutions to define strategy. Owns and maintains standards, patterns, and guardrails. Acts as an advisor and expert to engage with engineering and product teams to drive security framework and best practices.
Specifically, this position is focusing on cybersecurity with extensive backgrounds in application security, embedded security, network penetration testing, reverse engineering, exploit development, risk management and related Information Security disciplines.
Duties and Responsibilities:
Qualifications
Location:
Required Qualifications:
Preferred Qualifications:
May require work outside of normal business hours and/or 24/7 response availability for system and application maintenance, enhancements, production releases and/or operational emergencies.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.
Total Rewards Philosophy
Note: SDG E strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education.
SDG E offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as other merit-based recognition. Company benefitsinclude health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.
SDG E is not just an energy company, we are the architects of a brighter, cleaner future. Our employees power everyday life for 3.7 million people - bringing the energy to support their passions, ambitions, and the heartbeat of our community.
We call Southern California our home. It's where we chase our dreams and raise our families. That's why the people who live here deserve an energy company unlike any other, and that's why every day, SDG E employees strive to be at the forefront of innovations to reduce emissions, modernize the electric grid, and enable our customers to make the transition to clean technologies. We're redefining sustainability, advancing zero-emissions solutions, and driving the electric vehicle revolution.
It takes the best to build the best - join us!
Primary Purpose:
The Domain Architect - Cybersecurity defines overall direction of architecture for cybersecurity, aligned to business strategy and enterprise architecture. Translates strategy into blueprints and designs for the overall architecture of the company's cybersecurity capabilities to ensure that the balance between business outcomes and security risk is maintained. As a specialist in cybersecurity, facilitates and defines IT architecture solutions to define strategy. Owns and maintains standards, patterns, and guardrails. Acts as an advisor and expert to engage with engineering and product teams to drive security framework and best practices.
Specifically, this position is focusing on cybersecurity with extensive backgrounds in application security, embedded security, network penetration testing, reverse engineering, exploit development, risk management and related Information Security disciplines.
Duties and Responsibilities:
- Drives definition of cybersecurity standards, roadmaps, and selection of technology tools for enhanced delivery, continuous monitoring, and risk mitigation. Ensures that patterns and standards developed are consistent with desired enterprise risk posture. Works with Principal Architects to align architecture across domains and leverage opportunities for common approaches and standards. Sets architectural standards, and ensures implementation across product teams and groups, emphasizing DevSecOps practices and Continuous Integration / Continuous Delivery (CI/CD). Actively learns about new trends in industry and assesses new technology for suitability for use in respective cybersecurity architecture. Develops technology roadmaps and life-cycle strategies. Leads discovery or visioning phase to create a high-level design approach for cybersecurity solutions.
- Consults with business stakeholders, IT delivery teams, and outside vendors to integrate security architecture into roadmaps, application and system design, and information technology operations. Provides education on cybersecurity architecture, directions and goals, roadmaps, and architectural standards. Works holistically across enterprise, defines and aligns governance, controls, and guardrails for architecture standards to support teams' understanding of enterprise expectations. Provides guardrails to delivery teams, to adopt new patterns, technology tools, and standards related to cybersecurity and risk management. Consults with agile teams to address design decisions. Closely partners with and mentors other technology professionals.
- Defines a cybersecurity architecture that optimizes for enterprise risk reduction, resilience, scalability, performance and availability, focused on continuous monitoring and DevSecOps practices. Solves unique and complex cybersecurity problems that have a broad impact, assisting the business and other architects ensuring that risks and vulnerabilities in solution designs are identified and addressed.
- Drives incremental value creation and business agility to provide cybersecurity domain-specific input and guidance to product teams and participates in agile, scrum, or Kanban ways of working as appropriate. Mentors less experienced technology staff on best practices, procedures, and processes. Kanban is a framework used for organizing work in an agile way, focused on managing the flow of knowledge and operational work and driving continuous improvement for a team.
- Performs other duties as assigned (no more than 5% of duties).
Qualifications
Location:
- Must reside in Arizona or Nevada.
- Must be able to report to the Data Center located at 7375 S Lindell Road, Las Vegas, NV 89193 within twenty-four (24) hours of company request, unless previously scheduled for time off.
- This position may also be required to travel to San Diego and other locations for various meetings, training, etc.
Required Qualifications:
- Bachelor's Degree Computer Science, Information Systems, Software Engineering, related field or equivalent training and/or experience.
- 10 years - progressive experience in cybersecurity and technology, with experience in cybersecurity architecture, working with IT, endpoint security, network security, application security, and cybersecurity process, risk assessments, and troubleshooting of systems.
- Cybersecurity Acumen - Knowledge of cybersecurity design and architecture (application, data, network, and cloud) with understanding of how systems and processes work together as aligned to business and IT imperatives
- Cybersecurity Architecture - Ability to design and create cybersecurity architecture (application, data, network, and cloud) that is aligned to business and IT imperatives across systems, applications, or software, focused on safeguarding the company's technology environment by proactively securing the enterprise and its assets.
- Information Security - Strong understanding of the fundamentals of information security, digital privacy measures, and cybersecurity practices, and the ability to incorporate strong security practices into technology systems and applications.
- Data Security and Privacy - Ability to analyze the risks related to sensitive data loss and implementing the appropriate data protection controls, while considering compliance and business risk in concert.
- May require work outside of normal business hours and/or 24/7 response availability for system and application maintenance, enhancements, production releases and/or operational emergencies.
- Must reside in Southern California or be willing to relocate upon hire.
- We offer a hybrid work environment. Although the schedule may vary, typically this will allow you to work from the office two to three days per week and work remotely on the remaining workdays.
Preferred Qualifications:
- 10 years- experience with National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) or Risk Management Framework (RMF) such NIST 800-53.
- 3 years progressive experience working with DevSecOps practices, including Continuous Integration / Continuous Delivery (CI/CD). Experience working across multiple security platforms, ability to influence organizational direction for industry leading security practices.
- Architecture Strategy - Knowledge of the fundamentals of architecture strategy, with a strong ability to create an enterprise architecture (application, data, and technical) that is aligned to business and IT imperatives.
- Communication for Technical Leadership - Ability to communicate technical ideas and strategies effectively to non-technical audiences, including executive leadership, via multiple mediums (e.g., written communications, verbal communications, presentations, etc.).
- DevSecOps Practices - Strong understanding of automation and security concepts and processes (e.g., test automation, code coverage, DevSecOps, Continuous Integration / Continuous Delivery (CI/CD) pipelines, etc.), and ability to drive the integration of development, operations, and security into enterprise software development.
- Packaged Platform / Systems - Knowledge of technologies and Packaged Platform/Systems including SAP S/4 HANA, IBM, Oracle, Public Cloud services, GIS, etc.
- CompTIA Security+, Global Information Assurance Certification (GIAC), Certified Information Systems Security Professionals (CISSP), or GIAC Security Essentials (GSEC).
May require work outside of normal business hours and/or 24/7 response availability for system and application maintenance, enhancements, production releases and/or operational emergencies.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.
Total Rewards Philosophy
Note: SDG E strives to ensure that employees are paid equitably and competitively. Starting salaries may vary based on factors such as relevant experience, qualifications, and education.
SDG E offers a competitive total rewards package that goes beyond base salary. This position is eligible for an annual performance-based incentive (bonus) as well as other merit-based recognition. Company benefitsinclude health and welfare (medical, dental, vision), employer contributions to retirement benefits, life insurance, paid time off, as well as other company offerings such as tuition reimbursement, paid parental leave, and employee assistance programs.
