Cybersecurity Specialist 3
This is a remote position.
Job Description
Our utility industry client is seeking an Allowlisting Security Specialist to support security initiatives and ongoing cybersecurity programs. This role will focus on securing Windows and Linux environments and automating security processes while supporting broader cybersecurity initiatives and secure system design.

Scope
The scope includes working with members of the IT&S (Information Technology and Services) Department to:
- Design, implement, and maintain enterprise application allowlisting policies in IT and OT environments
- Implement and manage AppLocker policies for Windows environments
- Deploy and tune Microsoft Defender Application Control (WDAC / App Control for Business)
- Deploy and manage Red Hat fapolicyd for Linux systems
- Define trusted sources using publisher, hash, and path rules
- Integrate logs into SIEM tools such as Splunk for monitoring and alerting
- Develop automation using Group Policy, Intune, and Ansible
- Reduce attack surface by enforcing default-deny execution controls
- Collaborate with multiple teams to onboard systems and software into allowlisting
- Support governance boards (ARB, TRB, CAB) and documentation requirements

Deliverables
- Allowlisting policy framework and standards
- AppLocker, WDAC, and fapolicyd configurations
- Automation scripts and deployment guides
- Documentation for audits and compliance
- Metrics and reporting on allowlisting effectiveness

Consult with the project team and other stakeholders (e.g., IT practitioners, the Cybersecurity and Compliance teams, Enterprise Architecture, Applications, Infrastructure, Network, Database, OCM) during testing and implementation. All changes will follow the Change Management policies and procedures.
Requirements
Key Skills and Qualifications
- 4+ years of practical cybersecurity or endpoint security experience.
- Hands-on experience with:
  - Microsoft AppLocker
  - Application Control for Business/Windows Defender Application Control (ACFB/WDAC)
  - Red Hat fapolicyd and Satellite
- Experience with SIEM tools (e.g., Splunk) for log analysis and alerting
- Experience with Intune and MDE integration
- Industry cybersecurity and technology certifications are a plus.
- Experience working in a regulated utility environment is a plus.
- Experience working in a remote, cross-functional team, with the ability to drive the scope of work.
- Ability to lead work effort with little day-to-day supervision.
- Ability to work through ambiguity and escalate issues to maintain project momentum.
- Excellent interpersonal skills, including collaboration, facilitation, and negotiation.