One of CEI's largest Utilities / Energy clients is seeking a Security Analyst II to join their growing organization!
Client/Industry: Power, Energy, & Electric Utilities
Job Title: Security Analyst II
Location: Hybrid - (Tuesday–Thursday onsite, Monday/Friday remote) | Allentown, PA or Louisville, KY
Work Schedule/Shift: Mon-Fri | Minimum 40 work hours per week.
Duration/Length of Assignment: 6 Month Contract to Hire
*Must be able to convert to a full-time employee without sponsorship, restrictions, or an additional employer*
- W2 Employment Only – No Corp to Corp / C2C arrangements.
- Expected potential for contract extension(s) and/or conversion to Full-Time/Permanent Employment.
- Optional benefits available during contract (Medical, Dental, Vision, and 401k)
Position Overview:
This role sits within the IT Security team responsible for protecting the integrity, confidentiality, and availability of systems and data across both corporate and utility environments. The position was created as part of ongoing security and compliance initiatives designed to strengthen organizational defenses against evolving cyber threats. The IT Security group is a highly collaborative team that works across business and technical units, providing security leadership, compliance support, and operational oversight. The selected candidate will join a hybrid team environment, contributing to audit and compliance functions while also supporting technical security processes. Day to day, the Security Analyst II will engage with business and IT leaders to ensure that compliance requirements are understood and followed, while also contributing to the secure design and monitoring of both IT and Operational Technology (OT) systems. This position requires balancing technical knowledge with a strong focus on compliance and audit response. The analyst will support incident response, compliance reviews, and regulatory standards, while participating in projects that design, evaluate, and improve cybersecurity processes across the organization.
Required Skills/Experience/Qualifications:
- Bachelor’s degree in information security, computer science, math, business, or related field, or equivalent combination of education and experience
- Minimum of 5 years of information technology experience, including information systems and security controls, networking, telecom, or application development with cybersecurity exposure (7 years for lead-level consideration)
- Familiarity with NERC CIP compliance standards and auditing processes
- Understanding of networking concepts and systems security across desktops, mobile, servers, and web-based platforms
- Experience with compliance, auditing, or governance functions in IT or cybersecurity settings
- Strong analytical and problem-solving skills with the ability to adapt to changing technology and merge multiple tools for solutions
- Experience with incident response, misuse detection, and escalation processes
- Knowledge of industrial control system (ICS) vulnerabilities and mitigation strategies
- Ability to multitask and lead or engage in multiple projects in a cross-functional environment
- Effective communication skills for reporting, documentation, and interaction with internal teams, external vendors, and auditors
Preferred Skills (Not Required):
- Advanced degree in cybersecurity, information security, or related discipline
- Professional certifications such as CISSP, CISM, or other security/audit-related credentials (including cloud security certifications)
- Experience with regulatory frameworks such as SOX in addition to NERC CIP
- Prior experience supporting both IT and OT (Operational Technology) environments
- Active Secret Clearance
Day to Day/Responsibilities:
- Proactively understand business needs and apply sound cybersecurity architecture design and operations, including cloud security, to mitigate security risks. Ensure business targets are achieved through secure and reliable use of appropriate technology and process.
- Proactively protect the integrity, confidentiality, and availability of information that is in the custody of or processed by the corporation.
- Escalate to management unresolved cybersecurity exposures, misuse, or noncompliance situations as warranted.
- Provide thought leadership on the cybersecurity team and as part of IT and the business, to explore innovative ideas and concepts, prioritize and mitigate security risk. Act as a cybersecurity advocate for internal business partners and manage vendor relationships as required.
- Provide consultation and coordination to Business Unit and IT Management to ensure resource owner responsibilities are understood and accepted, realistic enforcement mechanisms are selected and used appropriately, and clear understanding and response development for cybersecurity audit findings by internal/external auditors or third-party assessors.
- Stay abreast of emerging technology and architecture trends while focusing on advanced IT security techniques, tools, and processes. This includes pursuing relevant certifications, advanced education, and/or security clearances.
- Provide high-level research on internal projects and recommend strategic cybersecurity directions and plans that address company-wide issues.
- Solve IT security problems of varying complexity across multiple technology specialization areas through development of well-thought-out plans for highly complex or ambiguous issues.
- Design and enhance processes and procedures for periodic review and correlational analysis of system logs to enable an active defense approach to system security.
- Design, develop, and implement system tests to monitor the effectiveness of cybersecurity defenses.
- Respond in a timely manner to loss or misuse of corporate assets. Serve as part of the cybersecurity team’s 24x7 on-call security response rotation (typically one week at a time) in alignment with departmental incident response processes.
- Provide skilled leadership consultation to other technical staff on cybersecurity-related updates to applications and technical environments. Mentor and coach junior technical staff members across areas of IT Security.
- Provide technical, analytical, and security leadership for project development and implementation.
- Commit to continuous learning and professional development by increasing personal skills and knowledge required for the position. Evaluate personal strengths and weaknesses and seek feedback for improvement.
- Contribute to a cooperative environment that encourages information exchange. Communicate complex ideas in a clear, concise, and persuasive manner and identify underlying business issues, impacts, and benefits while promoting cybersecurity advancements.
- Coordinate, document, and report on internal investigations of possible security violations, information misuse, or compliance reviews as requested and approved by HR, Internal Audit, Legal, or regulatory/law enforcement bodies.
- Support evolving mandatory regulatory compliance requirements applicable to workgroup responsibilities, including NERC CIP and SOX.
- Participate in special projects involving external personnel or companies for security-related assignments.
- Provide needed perspective across organizational boundaries to ensure consistent application of security solutions aligned with departmental and corporate objectives.
