Security Operation Analyst Jobs (NOW HIRING)

The IRM SecOps team is seeking a Security Operations Analyst who thrives in a lean, fast-moving environment, takes ownership of outcomes, and combines hands-on detection and response expertise with ...

Security Operations Analyst

OR · Remote

$70K - $90K/yr

As a Security Operations Analyst, you will be an analytical and thorough individual contributor reporting to the Director of Security Operations. You will play a role in Threat Detection & Response ...

Information Security Analyst Sacramento, CA 12+ months As an information security analyst ... Required Skills: 2+ years' Experience working in a Security Operation Center or System Engineer ...

Operation Analyst Intern AV

Miami, FL · On-site

$14.50 - $19.25/hr

Job Overview The Operations Analyst Internship provides a hands-on learning experience for students ... cargo security. * Collect, understand, and verify operational data and reports to support ...

Security Operation Analyst information

How much do security operation analyst jobs pay per hour?

As of Jun 26, 2026, the average hourly pay for a security operation analyst in the United States is $44.14, according to ZipRecruiter salary data. Most workers in this role earn between $34.62 and $54.57 per hour, depending on experience, location, and employer.

What is the difference between Security Operation Analyst vs Security Engineer?

| Aspect | Security Operation Analyst | Security Engineer |
|---|---|---|
| Certifications | CompTIA Security+, CISSP, CEH | CISSP, GIAC Security Certifications, CEH |
| Work Environment | Monitoring security alerts, incident response, threat analysis | Designing security systems, implementing security solutions, infrastructure setup |
| Employer & Industry Usage | IT security teams in various industries, focusing on threat detection | Security architecture teams, focusing on system and network security design |

The Security Operation Analyst primarily monitors and responds to security incidents, focusing on threat detection and incident management. In contrast, the Security Engineer designs and implements security measures to protect organizational infrastructure. Both roles require relevant certifications and work within security teams, but their core responsibilities differ significantly.

What does a Security Operation Analyst do?

A Security Operation Analyst is responsible for monitoring, detecting, and responding to cybersecurity threats within an organization. They work in Security Operations Centers (SOCs) to analyze security incidents, investigate suspicious activities, and implement measures to protect sensitive data and systems. Their role often includes using specialized tools to identify vulnerabilities, coordinating with IT teams to resolve issues, and maintaining up-to-date knowledge on emerging threats. By proactively managing security risks, they help ensure the organization's digital assets remain secure.

What jobs pay 2000 a day?

High-paying jobs that can pay around $2,000 a day typically include specialized roles such as senior cybersecurity analysts, IT security consultants, or freelance security experts with extensive experience and certifications. These positions often require advanced skills, certifications like CISSP or CISA, and may involve consulting, contract work, or leadership responsibilities in security operations. Such roles are usually found in consulting firms, large corporations, or as independent contractors working on complex security projects.

What are some common challenges faced by Security Operation Analysts, and how can they be addressed?

Security Operation Analysts often face challenges such as managing large volumes of alerts, staying ahead of emerging threats, and maintaining effective communication with other IT teams. To address these, analysts frequently use advanced security information and event management (SIEM) tools to prioritize incidents and automate routine tasks. Regular training and collaboration with colleagues in IT, compliance, and risk management also help analysts stay updated and respond more efficiently to incidents, ultimately strengthening the organization's security posture.

What are the key skills and qualifications needed to thrive as a Security Operation Analyst, and why are they important?

To thrive as a Security Operation Analyst, you need a strong foundation in cybersecurity principles, threat analysis, and incident response, typically supported by a relevant degree and industry certifications like CompTIA Security+ or CISSP. Familiarity with security information and event management (SIEM) tools, intrusion detection systems, and vulnerability assessment platforms is essential. Strong analytical thinking, attention to detail, and effective communication skills help you quickly identify, investigate, and resolve security issues. These skills and qualities are crucial for protecting organizational assets and ensuring a rapid, coordinated response to cyber threats.

What does a security operations analyst do?

A security operations analyst monitors and analyzes an organization’s security systems to detect and respond to cyber threats and incidents. They use tools like intrusion detection systems, firewalls, and security information and event management (SIEM) platforms, often working in shifts to ensure continuous protection. Their responsibilities include investigating security alerts, implementing security measures, and maintaining incident response plans.

Can you make $500,000 a year in cyber security?

Security Operation Analysts typically earn salaries below $200,000 annually, with higher earnings possible for senior roles or specialized positions such as cybersecurity managers or consultants. Reaching a $500,000 annual salary generally requires extensive experience, advanced certifications, leadership responsibilities, or working in high-paying industries or consulting firms.

Is SOC analyst a high paying job?

A Security Operation Analyst typically earns a competitive salary that varies by experience, location, and employer. Entry-level positions may start lower, but with certifications like CompTIA Security+ or CISSP and experience, salaries can increase significantly, making it a well-paying cybersecurity role.

More about Security Operation Analyst jobs

What cities are hiring for Security Operation Analyst jobs? Cities with the most Security Operation Analyst job openings:

Infographic showing various Security Operation Analyst job openings in the United States as of June 2026, with employment types broken down into 77% Full Time, 6% Part Time, and 17% Contract. Highlights a 77% In-person, 6% Hybrid, and 17% Remote job distribution, with an average salary of $91,821 per year, or $44.1 per hour.

Staff Network Security Operations Analyst

Portland General Electric Company

Tualatin, OR • Hybrid

Full-time

Posted 2 days ago


Company rating: 8.8 out of 10

Based on 8 frontline employees who took The Breakroom Quiz


Job description

At PGE, our work involves dreaming about, planning for, and realizing a smarter, cleaner, more enduring Oregon neighborhood. It's core to our DNA and we haven't stopped since we started in 1888. We energize lives, strengthen communities and drive advancements in energy that promote social, economic and environmental progress. We're always on the lookout for people passionate about leading and being a part of teams that are advancing innovative clean energy solutions that are also affordable and accessible to all.

Staff Network Security Operations Analyst

Work Schedule: Hybrid - 3 days in office / 2 days WFH

On-Call Requirement: Approximately every 7-8 weeks (roughly 6-7 times per year)

Position Overview

PGE's Network Security Operations team is seeking a Staff Network Security Operations Analyst to support and administer two critical security platforms: Splunk (SIEM) and Palo Alto Firewalls. This role is based out of our Tualatin / Sherwood location and reports within the Network Security Operations function.

This role is not a SOC analyst role. We are looking for someone who builds, configures, owns, and manages the platforms that security operations teams rely on - not someone who monitors dashboards. You will be the person who makes the magic happen behind the scenes: setting up indexes, configuring logging, tuning alerts, and ensuring the platform runs optimally for our internal cybersecurity customers.

Additionally, this role has a strong automation focus. You will identify repetitive administrative tasks and proactively develop automated solutions to improve efficiency across the team.

What We Are Looking For - Beyond the Resume

We want to hear your story. Can you tell us about:

  • A time you identified a repetitive task and automated it?
  • How you have proactively improved a platform or process without being asked?
  • A technical challenge you solved independently?

We value evidence of initiative over years of experience. If you are a go-getter who learns fast, thinks in code, and wants to build something meaningful - we want to talk to you.

Key Responsibilities

  • Splunk Administration: Own and manage PGE's Splunk SIEM platform, including index configuration, log ingestion, alert tuning, and system maintenance.
  • Palo Alto Firewall Administration: Configure, manage, and maintain Palo Alto firewall infrastructure.
  • Automation Development: Identify opportunities to automate repetitive administrative tasks using Python, PowerShell, or other scripting tools.
  • Platform Support: Serve as a technical resource for cybersecurity teams who rely on the platforms you manage.
  • Compliance Support: Contribute to initiatives supporting NERC CIP regulatory compliance requirements.
  • Independent Troubleshooting: Proactively diagnose and resolve platform issues with minimal direction.
  • Collaboration: Work closely with internal cybersecurity and IT teams as a key platform partner.

Required Qualifications

  • Requires a bachelor's degree in an IT discipline or other related field or equivalent experience.
  • Two or more years of progressive IT operations experience focusing on systems or networking support in an enterprise and/or data center environment.
  • Splunk Administration experience: Hands-on platform administration (not end-user/SOC usage)
  • Palo Alto Firewall Administration experience: Current, working knowledge
  • Coding proficiency: Python and/or PowerShell required
  • Automation mindset: Demonstrated ability to identify and automate manual or repetitive processes
  • Self-starter: Ability to work independently, troubleshoot without step-by-step guidance, and take initiative
  • Adaptability: Comfortable with change and evolving priorities in a fast-paced IT environment
  • Requires a valid Driver's License and a history of safe driving practices.

Preferred Qualifications

  • 2-4 years of relevant experience in network security operations or IT infrastructure
  • Familiarity with NERC CIP compliance frameworks
  • Experience in a role where you administered or built SIEM platforms (not just consumed alerts)
  • Exposure to security operations environments where you owned platform configuration end-to-end
  • Demonstrated examples of automation projects (scripts, tools, or workflows you built independently)
  • Certifications within technical disciplines preferred.

Job Function

Conducts active monitoring, triage, remediation, or escalation of events within the IT environment, including network security, security policy, policy enforcement and auditing, policy creation, network routing and switching, internet / intranet security posture, server, and workflow automation of tasks to support proactive network security operational awareness. Performs development and implementation of PGE's network security practices and programs. Supports and performs administrative functions on network security infrastructure and applications.


Key Job Information:

Staff Network Security Operations Analyst

Intermediate Professional

  • Requires expanded professional-level knowledge and experience in own area; incumbents continue to acquire higher-level knowledge and skills.
  • Responsible for researching and documenting various network security mitigation strategies and must maintain current and thorough knowledge of security technologies and their significance to the organization
  • Solves a range of more complex problems.
  • Analyzes possible solutions using advanced knowledge and applying protocols.
  • Operates independently and receives only a moderate level of guidance and direction.

Key Responsibilities

  • Applications Support (ASUP) Identifies and resolves issues with network security, following agreed procedures. Uses network security management software and tools to collect agreed performance statistics. Carries out agreed network security maintenance tasks.
  • Perform network security tasks such as network/system troubleshooting, assist with root cause analysis, patching infrastructure components, support network security and infrastructure deployments, identify automation opportunities and author automation scripts.
  • IT Infrastructure (ITOP) Carries out agreed operational procedures, including network security configuration, installation, and maintenance. Uses network security management tools to collect and report on network security, risk, and performance statistics. Contributes and performs implementation, maintenance, and installation work. Uses standard procedures and tools to carry out defined system backups, restoring data where necessary. Identifies operational problems and contributes to their resolution.
  • Incident Management (USUP) Following agreed procedures, identifies, registers, and categorizes security incidents. Gathers information to enable security incident resolution and promptly allocate incidents as appropriate. Maintains records and advises relevant persons of actions taken.
  • Systems Installation/ Decommissioning (HSIN) Installs or removes hardware and/or software, using supplied installation instructions and tools, including, where appropriate, handover to the client. Conducts tests, corrects malfunctions, and documents results in accordance with agreed procedures. Reports details of all hardware/software items that have been installed and removed so that configuration management records can be updated. Aids users in a professional manner following agreed procedures for further help or escalation. Maintains accurate records of user requests, contact details and outcomes. Contributes to the development of installation procedures and standards.
  • Customer Service Support (CSMG) Acts as the routine contact point, receiving and handling requests for support. Responds to a broad range of service requests for support by providing information to fulfill requests or enable resolution. Provides first-line investigation and diagnosis and promptly allocates unresolved issues as appropriate. Assists with the development of standards and applies these to track, monitor, report, resolve or escalate issues. Contributes to creation of support documentation.
  • System Software (SYSP) Uses network security management software and tools to collect agreed security performance statistics. Carries out agreed system software maintenance tasks.
  • Collect and review performance reports for various systems, report trends in security, risk, exposure, and overall performance to assist senior technical personnel to predict future issues or outages.
  • IT Estate Management (DCMA) Monitors compliance against agreed processes and investigates, assesses, and resolves incidents of noncompliance, escalating where necessary.

Competencies (Knowledge, Skills, Abilities)

Functional Competencies

  • Working knowledge of Palo Alto NGFW, F5 Networks, network security systems, and Cisco routing and switching technologies.
  • Working knowledge and support of network security functions.
  • Working knowledge of scripting and automation.
  • Working knowledge of Firewall rule management and policy optimization.
  • Working understanding of ITIL or other service operations framework.
  • Working knowledge of Cloud networking and security practices in Azure, AWS, and Google.
  • Working knowledge of Zero Trust architectures for infrastructure and applications environments.
  • Working knowledge of routing protocols and how to troubleshoot them: EIGRP, BGP, RIP-2, PBR, route filtering, redistribution, summarization.

General Competencies

  • Intermediate customer focus skills.
  • Intermediate accuracy skills.
  • Intermediate risk management skills.
  • Intermediate oral and written communication skills.
  • Intermediate interpersonal skills.
  • Intermediate decision-making skills.
  • Basic business acumen skills.


Physical and Cognitive Demands

Cognitive Level Intermediate: Consistent use of relevant principles to solve practical problems and to deal with a variety of concrete variables in situations where only limited standardization exists.

  • Ability to adhere to set response times, deadlines and time-sensitive tasks.
  • Ability to follow accuracy standards.
  • Ability to follow through on decision-making tasks.
  • Ability to interact effectively and collaboratively within a team environment.
  • Ability to communicate and problem solve when under stress.
  • Ability to respond and adapt to frequent change.
  • Ability to accept and demonstrate self-awareness when provided constructive feedback.
  • Ability to discern feedback and acknowledge ownership of areas of improvement.
  • Ability to avoid future mistakes by applying reasonable skills to new but similar work situations or tasks.
  • Ability to successfully collaborate with peers, managers and others within the organization.
  • Demonstrates sound memory.
  • Ability to process new information to be applied consistently to work tasks.


Schedule/Attendance

  • Ability to occasionally work long hours.
  • Ability to occasionally work a variable schedule.
  • Ability to report to work and perform work during periods of severe inclement weather.
  • Ability to consistently meet attendance standards for regular, reliable, predictable, full-time attendance.
  • Ability to work shift schedule.
  • Ability to adjust schedule, fill in shifts and work occasional extended hours, evenings or weekends when necessary to support operational needs.
  • Ability to support after-hours on-call with 15-minute response times and to drive into the office within a two-hour drive time if needed.
  • Must be fit for duty during standard work hours and during on-call rotations.
  • Ability to participate in companywide Incident Command System and its processes to maintain core company functions during crisis events.

Physical Capabilities

  • Driving/travel/commute: Daily within service territory - Frequently (at least once a week or more)
  • Driving/travel/commute: Overnight inside/outside the service territory - Occasionally (one to two times a month or less)
  • Computer use (use computer regularly for entire work shift)
  • Lifting/pushing/pulling: Up to 50lbs.
  • Unstable surfaces requiring balance:
    • Access to:
      • Datacenter
      • Communications closets
      • Electrical / HVAC rooms
      • Raised Floor / Under Floor

Environment - Indoor/Outdoor (check all that apply):

  • Office

Actual total compensation, including a performance based incentive bonus, is commensurate with experience, skills, qualifications, education, training, and internal equity.

PGE believes in rewarding dedicated performance. We provide a total rewards package that is designed to reward your contributions to the company, and, at the same time, support your well-being and professional development, both now and into the future.

Join us today and power your potential!

Assisting with storms or other Company emergencies is a part of all positions at Portland General Electric.

PGE is an equal opportunity employer and is committed to fostering a workplace where employees feel connected, valued, and empowered to thrive. PGE will not discriminate against any employee or applicant for employment based on race, color, national origin, gender, gender identity, sexual orientation, age, religion, disability, protected veteran status, or other characteristics protected by law.

PGE does not discriminate on the basis of disability. We recognize individuals have a variety of abilities to offer and we believe there is much to value and celebrate by incorporating different abilities into the work we do. One very important way we live this out is in our application and interview process. We work hard to support individuals who may need an accommodation to fully participate in these processes. If you feel you may need an accommodation, or would like to request one, please notify the Recruiter associated with the jo...