OT Cyber Security

The CIP OT Cyber Security Systems Administrator plays a crucial role in ensuring the security reliability and compliance of the organizations critical infrastructure. This position is responsible for implementing and maintaining security measures to protect computer systems networks and data. This role involves identifying vulnerabilities and threats ensuring compliance with security policies and responding to security incidents.

Specifically this position is responsible for supporting the design implementation and maintenance of organizations NERC (North American Electric Reliability Corporation) CIP (Critical Infrastructure Protection) programs related to the Bulk Electric System (BES) and associated cyber systems.

As a NERC regulated position a background check will be conducted on the incumbent every seven years.

Primary Responsibilities

• System Security: Design implement and maintain robust security measures to protect NERC CIP critical infrastructure systems from cyber threats.

• System Administration: Implement and administer various cyber security products tools solutions and their corresponding applications and clients.

• Upgrade and Patch Systems: Plan and execute system upgrades and security patches to ensure that all systems are up to date with the latest security patches and updates to enhance functionality and security.

• Manage and Maintain: Manage numerous domains networks and physical and virtual environments that support numerous cyber assets across the AES US NERC CIP footprint.

• Troubleshooting: Diagnose and resolve technical problems related to OT systems providing timely support to minimize operational disruptions.

• Monitoring: Continuously monitor cyber security OT systems to ensure optimal performance and promptly address any issues or anomalies.

• Change Management: Maintain and follow NERC CIP change management processes for all required changes.

• Backup and Recovery: Manage backup and recovery processes to ensure data integrity and availability in the event of a system failure.

• Documentation: Develop revise maintain and implement detailed documented processes and operating procedures.

• Training: Provide training and support for staff on the proper use and management of OT systems.

• Innovation: Stay updated with the latest standards requirements trends and advancements in the NERC CIP OT technology space to recommend and implement improvements.

• Risk Assessment: Perform risk and vulnerability assessments to identify quantify and mitigate potential security risks.

• Access Control: Manage user access rights and privileges ensuring appropriate levels of security and compliance.

• Continuous Monitoring: Implement and maintain continuous monitoring solutions to detect and respond to security events in realtime.

• Incident Response: Develop and execute incident response plans conduct investigations and implement corrective actions.

• Vendor Management: Collaborate with external vendors and service providers to procure implement and maintain cyber security products and solutions.

• Compliance Management: Ensure adherence to NERC CIP standards and regulatory requirements including regular audits documentation and reporting.

• Collaboration: Work effectively with both internal and external groups to procure implement configure troubleshoot and resolve issues with assets applications domains networks environments etc.

Other duties as assigned.

Qualifications

• Education: Bachelors degree in cyber security Information Technology Computer Science Engineering or a related field.

• Experience: Minimum of 3 years of proven experience in cyber security OT systems administration or related role.

• Certifications: Relevant certifications such as CISSP CISM CompTIA Cisco Microsoft Linux Unix or similar are highly desirable and may be used in lieu of a degree.

• Technical Skills: Proficiency in numerous technologies and OT systems such as security applications/systems VMware SCADA and DCS systems system backup solutions PowerShell SQL switches firewalls intrusion detection systems SIEM endpoint protection security patching vulnerability management etc.

• Analytical Skills: Strong analytical and problemsolving skills to troubleshoot conduct risk assessments and manage security incidents.

• Communication Skills: Excellent written and verbal communication skills to effectively convey security policies procedures incident reports and technical issues to nontechnical staff and auditors.

• Team Collaboration: Ability to work collaboratively with IT operations and compliance teams to ensure comprehensive security measures.

• Industry Experience: An ideal candidate would have experience in the Energy or Utility industry experience supporting a 24 x 7 real time operations environment experience supporting systems subject to regulatory compliance requirements or experience with FERC NERC and/or a NERC Regional Entity.