IT Security Administrator, Hays

Career Opportunities with Midwest Energy, Inc.

Current job opportunities are posted here as they become available.

Subscribe to our RSS feeds to receive instant updates as new positions become available.

The purpose of the IT Security Administrator is to design, implement, maintain, and monitor the IT security program to protect Midwest Energy’s data, devices and computer networks from cyber-attacks and help set and maintain security standards. The position ensures that computer systems, data systems, software solutions, servers and networks are monitored for security issues and that protective security software is installed and operating as designed.

The position will work to act against cyber-attacks and document events, incidents, or breaches. The IT Security Administrator will collaborate with all members of the IT department in implementing security solutions, policies, and procedures.

• Research current industry cybersecurity best practices. Develop a strategy and lead the implementation of the best cybersecurity practice standards accordingly.
• Prepare and report security metrics (KPIs) at defined intervals based on the adopted cybersecurity framework (CSC 18, NIST, SANS, etc.) and identified baselines.
• Implement and facilitate a cyber security awareness user training program for all employees. Define, develop and present performance metrics associated to the training to report the progress and performance of the company.
• Monitor computer networks and devices for security issues and compliance with defined security standards including but not limited to missing and installed patches, hardened baselines, hardened software configurations, and known vulnerability mitigations.
• Defend systems against unauthorized access.
• Either directly or by working in conjunction with IT Department members, install cybersecurity measures by configuring, supporting, and operating software and solutions to protect systems, corporate software and information infrastructure, including firewalls and antivirus/antimalware and IDS/IPS software.
• Alert Midwest Energy employees when a new dangerous threat is identified by the cybersecurity community that cannot be mitigated through technology.
• Perform active Threat hunting, looking for indicators of threats and indicators of compromise.
• Perform network vulnerability assessments through periodic visits (as prescribed by the V.P. Information Technology) to the Kansas Intelligence Fusion Center and communicate assessment results with the V.P. Information Technology.
• Perform internal vulnerability assessments and plan a strategy for remediation.
• Review and update the Corporate Cybersecurity Incident Response (IR) Plan and associated IR Playbooks defining the process used to investigate security breaches and other cyber security incidents.
• Document security breaches and assess the damage caused as laid out in the Corporate Cybersecurity Incident Response Plan.
• Organize and execute an annual penetration test with an outside firm. Work with the other members of the IT Dept. to remediate any weakness.
• Assist in the purchase of cybersecurity related IT hardware and software.
• As Midwest Energy is required by the North American Electric Reliability Corp. (NERC) and the relevant Reliability Entity to adhere to internal standards, procedures, and maintenance practices related to Critical Infrastructure Protection (CIP), the Corporate Network and Corporate Data Center infrastructure might, on occasion, be impacted by these compliance standards. This position will assist in the compliance measures as they relate to the Corporate Network and Corporate Data Center infrastructure.

• Lead and champion the implementation of the corporate defined security program set forth by the Center for Internet Security (CIS) and defined as the 18 Critical Security Controls (CSC 18) or any other adopted security framework such as NIST, SANS, etc.
• Act as the Incident Response (IR) Coordinator as defined by the Corporate Cybersecurity Incident Response Plan. Coordinate the mitigation and remediation of detected…