Job Description

This role is responsible for identifying, assessing, and mitigating security threats and vulnerabilities across the organization’s digital and physical assets. This role involves monitoring security tools, conducting vulnerability assessments, and working closely with IT and development teams to implement remediation strategies that reduce risk and strengthen the company’s security posture.

• Monitor security alerts and threat intelligence feeds to identify emerging risks and vulnerabilities.
• Conduct regular vulnerability assessments and penetration testing across networks, systems, and applications.
• Analyze threat and vulnerability data to prioritize remediation efforts based on risk and business impact.
• Collaborate with IT teams to develop and implement remediation plans for identified vulnerabilities.
• Document findings, remediation actions, and track progress to ensure timely closure of vulnerabilities.
• Stay current with the latest security trends, vulnerabilities, and regulatory requirements.
• Support incident response efforts by providing expertise on threat vectors and mitigation strategies.
• Provide timely, accurate, cross-platform collaborative support and communication regarding security threats posing risk to systems across the enterprise (team, group, company, and affiliates).
• Interpret information security and compliance requirements for specific circumstances and provide recommendations; assist with implementation of recommendations where appropriate.
• Develop policies, procedures, training/outreach materials, presentations, and other content that supports the team’s goals and objectives.
• Support continuous process improvement by evaluating team processes, recommending, and implementing enhanced processes.
• Ensure compliance aspects of the position are known and followed; understand and comply with all applicable policies, codes, and regulations.
• Perform related duties as assigned.

• Bachelor’s degree in Information Technology, Computer Science, or a related field from an accredited school, plus 4 years of IT security, audit, or compliance experience (Typically four years of related, progressive work experience would be needed for candidates applying for this position who do not possess a bachelor's degree, e.g., ISO 27001, FERC/NERC CIP, NIST 800-53).
• Relevant certifications preferred (e.g., CompTIA Security+, CISSP, GIAC, CISM).
• Experience with vulnerability management activities and tools such as automated/manual penetration testing, DAST, SAST, bug bounty programs, external attack surface management, phishing testing, password audits, unified vulnerability management, and threat intelligence.
• Experience with scripting or automation for security tasks.
• Strong understanding of network protocols, operating systems, and application security best practices.
• Ability to interpret technical data and convey actionable recommendations to non-technical stakeholders.
• Strong analytical, interpersonal, presentation, customer relations, problem-solving, decision-making, and communication skills
• Project management skills, including prioritization and managing multiple tasks/projects concurrently.

General office environment with potential travel; may require moderate walking/standing in field locations such as generation plants, substations, and warehouses. Must be able to lift up to 50 pounds.

Employees must be able to perform the essential functions of the position, with or without an accommodation.

All qualified applicants will receive consideration for employment without regard to race, color, religion or religious creed, age, national origin, ancestry, citizenship status (except as required by law), gender (including gender identity and expression), sex (including pregnancy), sexual orientation, genetic information, physical or mental disability, veteran or military status, familial or parental status, marital status or any other category protected by applicable local, state or U.S. federal law.

MidAmerican Energy Company, a Midwest utility, provides regulated electric and natural gas service to more than 1.6 million customers in Illinois, Iowa, Nebraska and South Dakota. The company owns and operates a portfolio of power-generating assets, approximately 61% of which is wind generation.