Global IT Security Engineer (Hybrid)


Reading, PA, US

Company:  UGI Utilities, Inc
Remote Options: 

UGI Utilities, Inc. is a natural gas and electric utility company committed to delivering reliable, safe and affordable energy to our 700,000 customers in 45 counties in Pennsylvania and 1 county in Maryland. We pride ourselves on being a responsive, engaging energy company.  The foundation of our success lies in the strength of our 1,700 plus employees who strive to exceed the expectations of our customers and the communities we serve every day.

We offer comprehensive benefits, some of which are:

  • medical, prescription, dental, vision, life insurance
  • disability plans
  • 401(k) matched savings plan
  • paid vacation
  • company stock purchase program
  • wellness programs
  • tuition reimbursement
  • paid parental leave
  • paid volunteer time
  • adoption assistance

Job Summary

The Global Cyber Security Engineer will support and administer cyber security initiatives for all software and hardware-based systems.  This individual will work under the direction of the Global Manager - Cyber Security Threat Intelligence & Protection to perform assessments, monitoring, threat analysis, security engineering and to contribute to the development of the overall cyber security program.  In addition, the individual will assist in the ongoing risk assessment program, security governance and security awareness training activities.


Key Characteristics:

  • Strong understanding of security and infrastructure architectures and technologies.
  • Experience in developing, implementing, advancing, and supporting security tools and procedures.
  • Demonstrated ability to troubleshoot with limited information.

Duties and Responsibilities

  • Analyze results from scheduled vulnerability and penetration testing, follow up with IT staff on issues found and maintain issue tracking on all open security issues. 
  • Partner with system security architect and support security designs.
  • Configure and troubleshoot security infrastructure devices. 
  • Interprets various federal, state, and industry frameworks for security, including but not limited to PCI DSS, SOX, ISO/IEC 27001, OWASP Top Ten, CIS Critical Security Controls, NIST, and advises management of any changes. 
  • Develop technical solutions using security tools to help mitigate security vulnerabilities and automate repeatable tasks. 
  • Performs assessments of newly deployed technologies to ensure risks are mitigated. 
  • Performs PoC (Proof of Concept) assessment evaluations on new products. 
  • Responsible for creating and communicating virus and patch protection alerts, monitoring and auditing patching and anti-virus compliance for critical vulnerability and virus risks. 
  • Utilize experience, resources, and tools to safeguard information system assets by identifying and solving potential and actual security problems. 
  • Understand the architecture of all infrastructure security systems and deployments and work with management to address potential issues.
  • Maintain understanding of all computer operating system hardware, software, and communications platforms and protocols in use in the enterprise and develop standards for their secure deployment. 
  • Assist in maintaining and/or creating computer incident response documentation and methodology for responding to security events. 
  • Assist in creating and maintaining IT security policies and procedures. 
  • Research new InfoSec trends and analyze Threat Intelligence reports.
  • Assist with the annual compliance efforts and collect all relevant data for the examination under the direction of management. 
  • Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risk and assessing residual risk. 

Knowledge, Skills and Abilities

  • Advanced analytical and problem-solving skills.
  • Strong interpersonal skills.
  • Strong working knowledge of networking, routing, protocols, ports, and services.
  • Working knowledge of System Information Event Monitoring (SIEM), Intrusion Detection and Prevention System (IDS/IPS), vulnerability scanning tools, encryption capabilities, Network Access Controls (NAC), Data Loss Prevention (DLP), NMAP, Vulnerability scanners, Wireshark, and other security related tools.
  • Working knowledge of Linux and Microsoft Windows Active Directory, Windows operating systems and server / endpoint skills and experience. 
  • Demonstrated experience in conducting security assessments. 
  • Demonstrated experience in investigating security issues related to Internet, server, desktop, laptop, tablet and other mobile device security issues; OS patching, hardening and anti-virus. 
  • Understanding of data network configuration and infrastructure concepts, including TCP/IP, DNS, routers, firewalls, web servers and security hierarchy including the application of encryption key infrastructures and authentication processes. 
  • Knowledge of cloud security concepts (Azure / AWS).
  • Programming logic concepts, scripting experience (Powershell, Python, Bash) a plus. 
  • Excellent oral and written communication skills.
  • Ability to follow established processes and guidelines for Change Management, Release Management, Problem and Incident management.
  • Team player with strong organizational skills, a positive attitude and customer service orientation.
  • Innovative thinker who is able to see the big picture while remaining attentive to the details.
  • Experience with MS productivity tools (Word, Excel, PowerPoint, Visio).

Education and Experience

  • A minimum of four years of experience in Information Security.  Previous general IT systems and networking background strongly preferred. 
  • SANS/GIAC, CompTIA, ISC2, Cisco, Microsoft, Offensive Security, or similar certifications preferred.


Working Conditions:

  • Normal office environment.
  • May require travel. 
  • May require on-call responsibilities.
  • Must be in driving distance to the Pennsylvania offices (Valley Forge, Denver, and Wyomissing).
  • Must have a conducive work from home environment in order to be productive. 

UGI Utilities, Inc. is an Equal Opportunity and Affirmative Action Employer.  As such, the Company abides by the requirements of the Executive Order 11246, 41 CFR 60-741.5(a), and 41 CFR 60-300.5(a).  The Company does not discriminate on the basis of race, color, sex, national origin, disability, age, gender identity, veteran status, or any other legally protected class in its practices.

Successful applicants shall be required to pass a pre-employment drug screen as a condition of employment, and if hired, shall be subject to substance abuse testing in accordance with UGI policies. As a federal contractor that engages in safety-sensitive work, UGI cannot permit employees in certain positions to use medical marijuana, even if prescribed by an authorized physician. Similarly, applicants for such positions who are actively using medical marijuana may be denied hire on that basis.

Nearest Major Market: Reading PA

Job Segment: Cyber Security, Cloud, Developer, Behavioral Health, Substance Abuse, Security, Technology, Healthcare