Doble Engineering Company seeks Cyber Security Manager in Marlborough, MA - Lead the cyber security solutions team who are helping utilities secure the electric power grid. Manage the following activities with the Cyber Security Team: Identify, analyze, and report relevant security patches and software updates with minimum supervision; Identify, analyze, and report relevant cyber threats; Analyze system security monitoring data; Develop and maintain quality metrics for patch identification and maintain a high level of patch identification accuracy; Maintain and develop the PatchAssure security portal. Lead and manage project teams in delivering security patches to customers. Lead and manage security product development by developing requirements and providing security insights. Act as product lead and manage the product life cycle for assigned products. Provide subject matter expertise and lead system security improvement projects. Manage, train and support directly reporting engineers and interns in the Cyber Security department. Develop and manage department budgets. Provide SME support to customers on security analysis products. Advise customers in developing and applying workarounds for vulnerabilities. Advise customers in applying and testing security patches. Advise customers in applying and testing the Transient Cyber Asset Programs. Gain trust of customers by demonstrating them team's competency in patch management. Make recommendations to IT on security tools to monitor threat environments. Develop and maintain incident response playbooks. Review and coordinate incident response procedures. Act as primary incident response coordinator during security events. Lead the design and development of security solutions, including the Patch Management and Transient Cyber Asset programs. Design controls to reduce attack surface. Design controls to limit damage from intrusions and maintain continuity of operations. Design test set ups in the cyber security lab as needed. Lead the security scanning of new and existing products in conjunction with Engineering. Provide SME advise in completion of customer security questionnaires. Develop a security by design process in conjunction with Solutions and Engineering. Develop and maintain criteria for this process. Manage the Cyber Security Team to a high level of performance and skill set. Lead the development and release of security analysis reports to customers. Identify security incidents and lead a coordinated response. Develop cyber security policy and guidelines in line with industry best practice. Lead Security assessments of all products and make recommendations to Engineering on improvements to product security posture. Manage cyber security product life cycles including the development of new products.

Required: Master's degree in Computer Science, Information Technology, Cybersecurity, Electrical Engineering or related field plus 4 years of experience as Security Analyst, Penetration Tester or related position.

Must have experience with:

• Tools Wireshark, nmap VEricode, NESUS and Nexpose.
• Log management platform Graylog and security management platform SecureWorks or similar.
• Common software flaws and misconfigurations in Windows, Linux, and embedded devices.
• TCP/IP-based services, including DNS, DHCP, HTTP, FTP, SSH, SMTP.
• Industry standards NERC CIP, NIST or similar.
• Assessing the market and developing new solutions.
• Using relevant security tools and administering relevant security platforms.
• Security for embedded devices.
• Python or similar scripting language.
• Security analytic and reporting experience.
• Code reviews.
• Secure SDLC, SAST - Static Application Security Testing, DAST - Dynamic Application Security Testing.
• Web application, network penetration testing.
• Threat modeling, design review or other threat analysis techniques.
• Microsoft Azure, Programming languages Java, C++, Python.
• Development of security tools and automation, secure design, architecture, and implementation.
• Application, system, and network security.
• Authentication and security protocols.
• Cryptography.
• Incident Response.
• Security Compliance NIST CSF, NERC CIP, IEC 62443, IEC 270001.
• Security and Policy of AI/ML applications.

Overtime and/or weekend work required. National and international travel required 20% of the time for customer visits, conference participation, and trade shows. Salary range $208,520 - $226,647.86 per year.

Submit application online at requisition number DOBLE002282. Doble Engineering is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.