Job Specifications
One of CEI's largest Utilities / Energy clients is seeking a Security Analyst II to join their growing organization!
Client/Industry: Power, Energy, & Electric Utilities
Job Title: Security Analyst II
Location: Hybrid - (Tuesday-Thursday onsite, Monday/Friday remote) | Allentown, PA or Louisville, KY
Work Schedule/Shift: Mon-Fri | Minimum 40 work hours per week.
Duration/Length of Assignment: 6 Month Contract to Hire
*Must be able to convert to a full-time employee without sponsorship, restrictions, or an additional employer*
W2 Employment Only - No Corp to Corp / C2C arrangements.
Expected potential for contract extension(s) and/or conversion to Full-Time/Permanent Employment.
Optional benefits available during contract (Medical, Dental, Vision, and 401k)
Position Overview:
This role sits within the IT Security team responsible for protecting the integrity, confidentiality, and availability of systems and data across both corporate and utility environments. The position was created as part of ongoing security and compliance initiatives designed to strengthen organizational defenses against evolving cyber threats. The IT Security group is a highly collaborative team that works across business and technical units, providing security leadership, compliance support, and operational oversight. The selected candidate will join a hybrid team environment, contributing to audit and compliance functions while also supporting technical security processes. Day to day, the Security Analyst II will engage with business and IT leaders to ensure that compliance requirements are understood and followed, while also contributing to the secure design and monitoring of both IT and Operational Technology (OT) systems. This position requires balancing technical knowledge with a strong focus on compliance and audit response. The analyst will support incident response, compliance reviews, and regulatory standards, while participating in projects that design, evaluate, and improve cybersecurity processes across the organization.
Required Skills/Experience/Qualifications:
Bachelor's degree in information security, computer science, math, business, or related field, or equivalent combination of education and experience
Minimum of 5 years of information technology experience, including information systems and security controls, networking, telecom, or application development with cybersecurity exposure (7 years for lead-level consideration)
Familiarity with NERC CIP compliance standards and auditing processes
Understanding of networking concepts and systems security across desktops, mobile, servers, and web-based platforms
Experience with compliance, auditing, or governance functions in IT or cybersecurity settings
Strong analytical and problem-solving skills with the ability to adapt to changing technology and merge multiple tools for solutions
Experience with incident response, misuse detection, and escalation processes
Knowledge of industrial control system (ICS) vulnerabilities and mitigation strategies
Ability to multitask and lead or engage in multiple projects in a cross-functional environment
Effective communication skills for reporting, documentation, and interaction with internal teams, external vendors, and auditors
Preferred Skills (Not Required):
Advanced degree in cybersecurity, information security, or related discipline
Professional certifications such as CISSP, CISM, or other security/audit-related credentials (including cloud security certifications)
Experience with regulatory frameworks such as SOX in addition to NERC CIP
Prior experience supporting both IT and OT (Operational Technology) environments
Active Secret Clearance
Day to Day/Responsibilities:
Proactively understand business needs and apply sound cybersecurity architecture design and operations, including cloud security, to mitigate security risks. Ensure business targets are achieved through secure and reliable use of appropriate technology and process.
Proactively protect the integrity, confidentiality, and availability of information that is in the custody of or processed by the corporation.
Escalate to management unresolved cybersecurity exposures, misuse, or noncompliance situations as warranted.
Provide thought leadership on the cybersecurity team and as part of IT and the business, to explore innovative ideas and concepts and to prioritize and mitigate security risk. Act as a cybersecurity advocate for internal business partners and manage vendor relationships as required.
Provide consultation and coordination to Business Unit and IT Management to ensure that resource owner responsibilities are understood and accepted, that realistic enforcement mechanisms are selected and used appropriately, and that cybersecurity audit findings by internal/external auditors or third-party assessors are clearly understood and responses to them are developed.
Stay abreast of emerging technology and architecture trends while focusing on advanced IT security techniques, tools, and pr
About the Company
In today’s technology-driven world, the mandate of transformation represents both challenges and opportunities. CEI enables clients to harness innovation to gain competitive advantage and achieve meaningful results. We offer end-to-end services that can be tailored to the unique needs of each client. We are grounded in core values, dedicated to quality and eager to apply our experience and talent to help our clients succeed. With expertise in both legacy and emerging technology areas, we are ready to consult, build, manage a...