CIP Cybersecurity Engineer
VELCO is pleased to announce an opening for a CIP Cybersecurity Engineer. The position may be filled by an Associate to Senior Level Engineer. All applicants are encouraged to apply.
Who VELCO is
VELCO sits at an inflection point of dynamic innovation in an industry undergoing transformation. Our core responsibility to operate a safe and reliable electric transmission system for Vermonters has not changed. How we fulfil that responsibility, however, changes regularly with the evolution of the system we operate and the dynamic demands of the customers we serve. These conditions require that VELCO remain unshakably focused on operational excellence today while anticipating the capabilities we will need to thrive tomorrow. Likewise, the successful CIP Cybersecurity Engineer will have the capabilities to meet today’s responsibilities while having the foresight and learning orientation to anticipate VELCO’s needs well into the future.
The CIP Cybersecurity Engineer at VELCO is a trusted partner excited to help us realize our Vision to create a sustainable Vermont through our people, assets, relationships and operating model. The CIP Cybersecurity Engineer is someone innately committed to fulfilling our Mission to serve as a Trusted Partner by passionately living our TRUST values (Treating each other with respect; Responding with urgency; Unconditionally supporting one another; Sharing information; and Thinking outside the box).
Why you should join our team
As VELCO’s CIP Cybersecurity Engineer, you will be part of a team responsible for enterprise Cybersecurity and NERC CIP compliance functions across the domain. This role will be responsible for supporting administrative and engineering functions of the SCADA platform and will work collaboratively with the compliance department on applicable NERC CIP standards. In conjunction with other members of the team, you will be responsible for threat detection and incident response.
How you will make an impact
- Assist with maintenance of the server and network infrastructure supporting SCADA (Supervisory Control and Data Acquisition) and EMS (Energy Management System) services, including security and operational update activities.
- Support the critical SCADA platform, drawing on familiarity with Windows/Linux/Workstation platforms, patching tools (BigFix, SCCM), VMware, and storage technologies. In this support role, you will also look for opportunities to continuously develop the platform.
- Support the enterprise security framework via deployment, operation and maintenance of cyber security solutions across applications and support platforms.
- Collaborate in evaluations of security threats and vulnerabilities, security investigations/audits, standards interpretations and analysis, and ongoing program risk assessment activities.
- Participate in incident response and emergency preparation activities.
- Work to develop knowledge as a subject matter expert for the NERC Cyber Security requirements; support all compliance-related activities. Demonstrate broader knowledge of NERC and CIP compliance controls, regulatory matters, and business applications along with providing general and technical feedback and assistance on the interpretations of cyber security requirements.
- Engage with staff across the company regarding cyber security and related compliance responsibilities and contribute to development of security standards, internal controls and best practices for the organization.
- Partner closely with the Compliance Team on the development, support, and contribution to the on-going strategy of the NERC and CIP compliance program to meet regulatory and company requirements.
- Participate in key initiatives within the company.
- Perform other duties as assigned.
Who you are
To thrive in this role, you have experience managing server infrastructure, executing updates and maintaining a secure platform while addressing all operational dependencies and documentation in a strong team environment. You should have 2 to 5 years of applicable IT experience. Security certifications, including SANS, exposure to a security/compliance framework (NIST), and other networking certifications, such as CCNP, are a plus.
VELCO’s commitment to our employees
- Paid Time Off – Everyone needs time off to recharge. New employees are frontloaded with prorated time off dependent upon date of hire
- Sick Leave – We advocate for staying home when you are sick
- Paid Holidays – We observe 11 paid company holidays
- Medical – Select from two comprehensive health plans. Employees have access to a Health Savings Account and Flexible Spending Account. We allow documented Domestic Partners on our plans
- Dental & Vision – Offers a wide range of covered services
- Wellness Program – Allows you to receive up to $100 per year for reimbursement of approved wellness expenses
- Employee Assistance Program (EAP) – Aids with mental health, stress management, work-life balance, financial and legal matters, and much more
- 401K – We offer a very generous employer match and profit share contribution
- Short Term Incentive Bonus – VELCO proudly offers a yearly incentive bonus based on individual contributions and key performance indicators
- Life Insurance – VELCO paid life insurance and supplemental coverages are available
- Starting pay will be determined at the time of offer based on the experience, education, and training of the successful candidate.
- Eligible applicants must be authorized to work in the United States.
- Any offer of employment will be contingent upon successful reference check, background check, physical examination, drug screening, and documentation of COVID-19 vaccination
- VELCO utilizes a hybrid work schedule. Travel to the Rutland campus is expected at least twice per week
- VELCO is an Equal Employment Opportunity & Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran
The Fine Print
- Knowledge of Windows, Linux, Workstation platforms (Windows); AD; patching tools (BigFix, SCCM); familiarity with basic SIEM and security methodologies.
- Familiarity with audits, compliance investigations, and internal controls evaluations.
- Knowledge of VMware, storage technologies, AD, DHCP, DNS, VPN, SANS security guidance, NERC/FERC guidelines.
- Excellent organizational skills and attention to detail.
- Ability to create test plans and cases from specifications or verbal communications.
- Excellent interpersonal skills with the ability to serve as a liaison with developers, project managers, and customer support.
- Strong analytical and problem-solving skills.
- Superior verbal and written communication skills.
- Ability to interact effectively and professionally with a diverse group of employees throughout the organization.
- Ability to plan and complete multiple, diverse tasks and meet challenging deadlines.
- Able to clearly present complex technical information to committees, management, external regulators and industry associations.
It is expected that you will have the experience, education, and knowledge in system engineering and administration to manage, and continue to develop, this environment. Successful experience with system administration and the associated tools is also expected. Experience with compliance and cybersecurity functions within a regulated industry is a plus.
Prolonged periods sitting at a desk and working on a computer. Must be able to maintain fast pace while completing complex, analytical work, in potentially stressful situations, with competing priorities, within tight timelines and with frequent interruptions.