Responsible for technical advisement for Cyber Security requirements for the protection of all information processed, stored or transmitted by organization computer systems. Directs the development and delivery of a comprehensive cyber security program and compliance functions. Oversees development of standards, policies, procedures, and guidelines which provide guidance and control of cyber security.
- 5 Years + experience in cyber security administration and risk management.
- 8 Years + experience as a System Administrator and knowledge in IDS/IPS, firewalls, internet protocols, enterprise-wide Operating Systems, risk assessments and network security.
- 5 Years + Experience in creating conceptual, logical and physical security diagrams, identifying technology-based security tools, and inserting information security controls and checkpoints into the application design process.
- 5 Years + Experience with cyber security vulnerability assessments, penetration tests, forensics and the tools/techniques involved in both.
- 5 Years + Experience in the capabilities and/or configuration of cyber security controls, specifically those relating to firewalls, access control, authentication, anti-virus/anti-malware, patching, application whitelisting, and event correlation.
- 2 Years + Experience with Supervisory Control and Data Acquisition systems, Industrial Control Systems, Programmable Logic Controllers, incident response and forensics preferred.
- Certified Information Systems Security Professional (Preferred)
- Microsoft Certified Solutions Expert (Preferred)
- Cisco Certified Network Professional (Preferred)
- Certified Ethical Hacker (Preferred)
CYBER SECURITY TECHNICAL ASSISTANCE:
- Provides technical assistance and support to customers.
- Provides cyber security technical and operational guidance for the station to assure new business functionalities have the proper security controls and objectives identified, implemented, verified, and tested.
- Maintains a superior knowledge of the cyber security capabilities of operating systems, networking devices, control systems, and vendor offerings.
- Communicates clearly, both orally and in writing, to technical and non-technical audiences.
CYBER SECURITY PROCESS DEVELOPMENT - STAFF:
- Directs standards, policies, procedures, and guidelines which provide guidance and control of cyber security.
- Identifies, evaluates, conducts, schedules and leads cyber security functions to ensure all applicable cyber security requirements are met. Reviews, recommends, implements, and maintains all security technology products within the security domain.
- Monitors and evaluates vulnerability information from various sources, security trends, and best practices, and effectively articulates mitigation guidance.
- Develops and implements Disaster Recovery (DR) strategies for Critical Digital Assets. Conducts cyber security investigations.
- Reviews hardware and software audits for compliance with established regulation, standards, policies, and procedures.
- Understands the cyber security aspects of the architecture of plant networks, operating systems, hardware platforms, software platforms, applications, and plant-specific applications.
- Designs and deploys enterprise cyber security monitoring, detection and incident response systems.
- Responsible for the cyber security implications surrounding the overall architecture of plant networks, operating systems, hardware platforms, plant-specific applications, and the services and protocols upon which those applications rely.
CYBER SECURITY - STAFF:
- Designs, evaluates, and integrates information security infrastructure solutions. Plans, coordinates and conducts detailed inquiries, assesses potential damage and develops and implements corrective action plans.
- Provides analysis and/or reverse engineering of suspect source code including Trojans, viruses, back doors, and other known and previously unknown malware.
- Monitors Cyber Security systems as assigned. Develops, leads, and administers security risk assessments and threat modeling.
- Installs, configures, operates and maintains cyber security equipment, log sources, and logging technologies.
- Oversees and approves cyber security training, security technologies and techniques. Approves proposed cyber security configuration modifications.
- Develops and delivers communications to senior management regarding strategic cyber security risks and threats.
- Oversees and is responsible for mitigation response to cyber security audits, network scans, and penetration tests against Critical Digital Assets. Oversees and is responsible for cyber security investigations involving compromise of Critical Digital Assets an
- Maintains responsibility for business plan activities associated with Cyber Security.
SPECIAL SKILLS, KNOWLEDGE AND QUALIFICATIONS
- Working knowledge and understanding of NRC cyber security regulations. General knowledge of digital systems in the Energy sector, including digital instrumentation, programmable logic controllers, control systems, and distributed control systems.
- Expertise and knowledge of NIST 800-53 (Recommended Security Controls for Federal Information Systems and Organizations) and 800-82 (Guide to Industrial Control Systems (ICS) Security).
- Knowledge and understanding of security principles such as hardened/bastioned system builds, network separation, secure coding standards, and wireless security.