About DCP Midstream
DCP Midstream is the largest processor of natural gas and natural gas liquids producer ensuring the country has clean energy to warm homes, manufacture goods, and produce consumer products. We are a “must-run” company and we are committed to greater in everything we do—from operating efficiently, reliably and safely to being a responsible community partner. Headquartered in Denver, Colorado, DCP Midstream operates assets in 17 states. Day To Day
The IT Security Analyst IV is responsible for ensuring overall IT security risk is appropriately managed and reviewed. The incumbent will design, implement and manage IT security controls in addition to evaluating, and identifying the risk associated with new projects and Company initiatives. What You Will Be Responsible For
- Determining cloud security requirements by evaluating business strategies and requirements.
- Contribute to the evaluation, recommendation and implementation of cloud security controls.
- Working with stakeholders on their cloud deployments to diagnose, document, and remediate any deviations from security standards and policies.
- Providing High-level expertise in sophisticated identity, authentication, security, privacy, and compliance requirements, and experience integrating them into cloud and hybrid solutions
- Participating on a team to provide expert analysis of cloud cybersecurity architecture, compliance with Company policies, and commercial best practices relating to cloud security.
- Conducting incident response analyses.
- Identifying and remediated any cloud security gaps.
- Prepares security reports by collecting, analyzing, and summarizing data and trends.
- Updating job knowledge by tracking and understanding emerging security practices and standards
- Review, analyze, discuss, and evaluate the implementation of security controls in multiple information system environments, including dynamic cloud services (IaaS, PaaS, and SaaS).
- Provide leadership for the cloud architecture strategy and resolution of architectural issues.
- Establish strong relationships with key business and technology stakeholders on business and technical issues
- Experience and passion for learning (technical and soft skills); implementing practices from others; trying, failing and learning from that; sharing practices and knowledge for others’ benefit
- Working with IT and OT security teams as required
- Bachelor’s degree in Information Security, Information Technology, or equivalent technical experience
- 6+ years IT Security experience including security architecture
- Hands on experience with cloud security and networking in Microsoft Azure and associated best security practices. Including the following:
- Azure AD Services
- Azure PIM/PAM Services
- Azure Network Security Groups
- Azure Intune Device Security/Policies
- Azure Advance Threat Protection
- Azure Security Policy
- Azure Regulatory Compliance & Policy
- Azure Storage and Database Security
- Azure Express Route
- Windows Server 2008 to 2106 Administration
- Cloud security related professional certifications preferred CCSP, CCSK, CCSP, MCSE
- Experience with IT or technology related compliance and risk management related frameworks such as ISO 27001/27002/27017/27018, NIST 800-53
- Certified Information Systems Security Professional (CISSP) certification preferred
- Excellent communication and collaboration skills; Can create and presents IT Security materials
- Strong foundational knowledge in multiple information security domains such as access control, network security, operations security, application security, cryptography, computer forensics, security architecture and design, mobile device security.
- After hours work may be necessary to support outages or off-hours maintenance windows.
- Moderate Splunk knowledge is an advantage
- Experience working with DevOps/Agile teams is a plus
- Experience with hybrid solutions mixing use of private data center and public cloud.
Strong communication and technical writing skills necessary to prepare and conduct instruction, provide technical briefings and prepare technical reports and collaborate other with other team members
It has been and will continue to be the policy of DCP Midstream not to discriminate against any employee or applicant for employment because of their race, color, religion, national origin, age, sex, sexual orientation, gender identity, gender expression, veteran status, disability, or other legally protected status.