The CIP Cybersecurity Engineer position has a career ladder in place. We will consider an Associate, Engineer or Senior Engineer Levels. Below is the information for the Engineer Level. The Salary range reflects all three levels from Minimum of the Associate Level to Midpoint of the Senior Level.
Why you should join our team
As VELCO’s CIP Cybersecurity Engineer, you will be part of a team responsible for enterprise Cybersecurity and NERC CIP compliance functions across the domain. This role will be responsible for supporting administrative and engineering functions of the SCADA platform and will work collaboratively with the compliance department on applicable NERC CIP standards. In conjunction with other members of the team, you will be responsible for threat detection and incident response.
How you will make an impact
- Support the enterprise security framework via deployment, operation and maintenance of cyber security solutions across applications and support platforms.
- Maintain situational awareness of the organization’s networks for unexpected security events and participate in any investigations.
- Collaborate in evaluations of security threats and vulnerabilities, security investigations/audits, standards interpretations and analysis, and ongoing program risk assessment activities.
- Develop detailed remediation reports and recommendations for compliance and security improvements based on existing and emerging threats.
- Maintain the server and network infrastructure supporting SCADA (Supervisory Control and Data Acquisition) and EMS (Energy Management System) services, including security and operational update activities.
- With Senior Engineer guidance, prepare and install solutions by determining and designing system specifications, standards, and programming.
- Participate in incident response and emergency preparation activities.
- Develop working knowledge to serve as a subject matter expert for the NERC requirements; support all compliance-related activities. Demonstrate broader knowledge of NERC and CIP compliance controls, regulatory matters, and business applications along with providing general and technical feedback and assistance on the interpretations of requirements.
- With leadership guidance, participate in projects activities and contribute to budget and project planning.
- May supervise others, such as an intern.
- Engage with staff across the company regarding cyber security and related compliance responsibilities and contribute to development of security standards, internal controls and best practices for the organization.
- Represent VELCO on various regional, ISO and transmission owner committees, attend conferences, and develop regional relationships related to the CIP regulatory environment. Attend workshops, reviews, seminars, and training on a regular basis.
- Partner closely with the Compliance Team on the development, support, and contribution to the on-going strategy of the NERC and CIP compliance program to meet regulatory and company requirements.
- Participate on key initiatives within the company.
- Perform other duties as assigned.
Who you are
To thrive in this role, you have A Bachelor’s degree in Information Technology, Security, or related technical discipline. Equivalent work experience considered. Having relevant security certifications or the ability to obtain (CISA, CCSP, MCSE, CISSP, GSEC, GCED, GPEN, GSIP or GCIH) is expected. A Master’s degree may be substituted for some experience.
The fine print
- Knowledge of Windows, Linux, Workstation platforms (Windows); AD; Patching tools (big fix, SCCM); Familiar with the basic SEIM and security methodologies.
- Familiarity and working knowledge of audits, compliance investigations, and internal controls evaluations.
- Knowledge of VMWare, storage technologies, AD, DHCP, DNS, VPN, SANS security guidance, NERC/FERC guidelines.
- Excellent organizational skills and attention to detail.
- Ability to create test plans and cases from specifications or verbal communications.
- Excellent interpersonal skills with the ability to serve as a liaison with developers, project managers, and customer support.
- Strong analytical, problem-solving skills, and project management skills.
- Superior verbal and written communication skills.
- Ability to interact effectively and professionally with a diverse group of employees throughout the organization.
- Ability to plan and complete multiple, diverse tasks and meet challenging deadlines.
- Able to clearly present complex technical information to committees, management, external regulators and industry associations.
- Starting pay will be determined at the time of offer based on the experience, education, and training of the successful candidate.
- Eligible applicants must be authorized to work in the United States.
- Any offer of employment will be contingent upon successful reference check, background check, physical examination, drug screening, and documentation of Covid-19 vaccination
- Hybrid work scenario with the headquarters located in Rutland, Vermont. Employees are expected to be at headquarters an average of two days per week.
- VELCO is an Equal Employment Opportunity & Affirmative Action employer.
It is expected that you will have the experience, education, and knowledge in system engineering and administration to manage, and continue to develop, this environment. Successful experience with system administration and the associated tools is also expected. Experience with compliance and cybersecurity functions within a regulated industry is a plus.
Prolonged periods sitting at a desk and working on a computer. Must be able to maintain fast pace while completing complex, analytical work, in potentially stressful situations, with competing priorities, within tight timelines and with frequent interruptions.
At VELCO, we believe diversity, equity, and inclusion deepen expertise, perspective, and innovation. All insights, experiences, and backgrounds are needed for a brighter energy future and to create a sustainable Vermont. We welcome all to come learn, work, and grow with us.