Security Architect, Industrial Control Systems (ICS)

Date: May 28, 2023

Location: Ybor City, Florida, US, 33605

Company: TECO

Title: Security Architect, Industrial Control Systems (ICS) 
Company: Tampa Electric Company
Location: Ybor Data Center 
State and City: Florida  -  Ybor City
Shift: Flex Hybrid Work Location

Recruiter: Mark E Koener

TITLE:  Security Architect, Industrial Control Systems (ICS)
PERFORMANCE COACH:     Manager Information Security
COMPANY:    Tampa Electric
DEPARTMENT:    Information Security and Support

 

POSITION CONCEPT
This role will provide an innovative and comprehensive approach for complex business and technology initiatives pertaining to cyber security and smart grid environments utilizing cyber defense, enterprise risk management, information assurance and information security.  This role will also assist with the identification and evaluation of holistic security gaps with a focus on infrastructure and the business applications layer. Additionally, this role will identify and integrate sound security controls for applications, systems, and processes for the organization. 

 

PRIMARY DUTIES AND RESPONSIBILITIES 
1.    Support the Industrial Control System (inclusive of Distributed Control Systems (DCS), Electric and GAS SCADA and Smart-Grid) Security Architecture based on industry-specific security standards 20%
2.    Participate in cyber security risk assessments of industrial control systems (ICS), to include all cyber assets, such as: Energy Management Systems (EMS), DCS, Human machine interfaces (HMIs), Programmable logic controllers (PLCs), Remote terminal units (RTUs), and Supervisory control and data acquisition (SCADA) 15%
3.    Deploy internal ICS and Smart Grid security standards based on NERC CIP, NIST 800-82, ISA99, NISTIR 7628, and other industry-specific security standards 10%
4.    Perform risk and vulnerability research, aiding in the development of the ICS security posture, in response to the evolving ICS threat landscape 10%
5.    Support Smart Grid and SCADA/ICS Projects, Security Monitoring, Vulnerability Assessment, Penetration Testing, Cybersecurity Analysis, and NERC CIP audit readiness evaluations. 15%
6.    Incorporation of ICS penetration and/or vulnerability testing reports into ICS risk register 10%
7.    Mitigate and/or remediate deficiencies ensuring risks will be reduced to accepted levels prior to technology implementation 10%
8.    Research and contribute to industry best practices 10%

 

SUPERVISION
Direct Supervision:    N/A 
Indirect Supervision:        N/A


RELATIONSHIPS
Key Internal:    This position will engage multiple I.T. groups and business units, including Energy Supply, Energy Distribution, Energy Delivery, and GAS.  Interactive engagement will require communication with individual contributors, middle management and executive management.
Key External:     This position will engage external contacts including vendors, contractors, regulatory agencies (ex: FRCC, NERC), industry associations, and other utility partners.
        
QUALIFICATIONS
Education
Required:     Bachelor’s Degree in Computer Science, Information Systems or other I.T. related field, or an EAC/ABET Bachelor’s Degree in Electrical Engineering AND 6 years of related I.T. experience
OR
High School Diploma AND 8 years of related I.T. experience

Preferred:    Master’s Degree in Computer Science or other I.T. related field of study AND 10 years of related Information Security and ICS experience
OR
Master’s Degree in I.T. related field or Business Administration with Bachelor’s degree in Computer Science or other I.T. related field of study AND 10 years of related Information Security and ICS or Smart Grid experience

Licenses/Certifications
Required:    One active industry recognized security certification(s) over multiple domains 
(ex: CISSP, GIAC/GICSP)

Preferred:    CISSP, ITILv3, and one or more related I.T. Security professional or vendor certifications from SANS GIAC, ISACA, IACRB, ISC2, Microsoft, Checkpoint, etc.

EXPERIENCE
 
Related Experience  
Required:    6 years of practical technical experience within an IT Security role
    3 years of related or direct electric utility industry experience 

Preferred:    10 years of practical technical experience within an IT Security role
    5 years of direct electric utility industry experience

Knowledge/Skills/Abilities (KSA) 
Required:     
1.    Familiarity with Energy Management Systems, distribution management systems, generation management systems, demand response systems. 
2.    Knowledge of Electric and/or Gas industrial control networks and operations technology. 
3.    Knowledge of Field Area Network Architectures for Transmission and Distribution control and automation. 
4.    Experience with Advanced Metering Infrastructure (AMI), Distribution Automation (DA) and Smart Grid deployments. 
5.    Experience in a Network or Security Operations Center monitoring information systems or SCADA systems. 
6.    Experience in industrial cyber security standards and guidelines such as ISA 99, API-1164, and NIST 800/SP-800 series, DOE Electricity Sector Cyber Security Capability Maturity Model (ES-C2M2), IEEE standards
7.    Knowledge of ICS and SCADA protocols, including DNP3, ICCP, 61850, GOOSE, C37.118, ModBus+, ZigBee, 802.11x, RF
8.    Participate in compliance efforts for NERC Critical Infrastructure Protection. 

Preferred:    
1.    Knowledge of Utility/Energy or Smart Grid Communications Systems Architecture
2.    Knowledge of ICS and SCADA protocols, including DNP3, ICCP, 61850, GOOSE, C37.118, ModBus+, ZigBee, 802.11x, RF

 

TITLE:    Sr. Industrial Control Systems (ICS) Security Architect
PERFORMANCE COACH:     Manager Information Security
COMPANY:    Tampa Electric
DEPARTMENT:    Information Security and Support

 

PRIMARY DUTIES AND RESPONSIBILITIES 
1.    Develop and implement ICS (inclusive of EMS, DCS, Electric and GAS SCADA and Smart-Grid) Security Architecture based on industry-specific security standards 30%
2.    Create, lead, conduct and track cyber security risk assessments of ICS, to include all cyber assets, such as EMS, DCS, HMIs, PLCs, RTUs, and SCADA 20%
3.    Develop, deploy and train personnel on internal ICS and Smart Grid security standards based on NERC CIP, NIST 800-82, ISA99, NISTIR 7628 and other industry-specific security standards 10%
4.    Perform continuous risk and vulnerability research, aiding in the development of the ICS and/or Smart Grid security posture, in response to the evolving ICS threat landscape 10%
5.    Lead strategy and execution for projects involving SCADA/ICS Security Monitoring, Vulnerability Assessment, Penetration Testing, Cybersecurity Analysis, and NERC CIP audit readiness evaluations 10%
6.    Understand and incorporate ICS penetration and/or vulnerability testing reports into the ICS risk register 10%
7.    Coordinates with SMEs to gauge the viability and sufficiency for proposed mitigation and remediation, ensuring risks will be reduced to accepted levels prior to implementation 5%
8.    Research and contribute to industry best practices 5%

 

SUPERVISION
Direct Supervision:    N/A  
Indirect Supervision:        N/A

RELATIONSHIPS
Key Internal:    This position will engage multiple I.T. groups and business units, including Energy Supply, Energy Distribution, Energy Delivery, and GAS.  Interactive engagement will require communication with individual contributors, middle management and executive management.
Key External:     This position will engage external contacts including vendors, contractors, regulatory agencies (ex: FRCC, NERC), industry associations, and other utility partners.
        
QUALIFICATIONS
Education
Required:     Bachelor’s Degree in Computer Science, Information Systems or other I.T. related field AND 8 years of related I.T. experience
OR
High School Diploma AND 10 years of related I.T. experience.
Preferred:    Master’s Degree in Computer Science or other I.T. related field of study AND 10 years of related Information Security and ICS or Smart Grid experience
OR
Master’s Degree in I.T. related field or Business Administration with Bachelor’s degree in Computer Science or other I.T. related field of study AND 10 years of related Information Security and ICS or Smart Grid experience

Licenses/Certifications
Required:    One active industry recognized security certification(s) over multiple domains 
(ex: CISSP, GIAC/GICSP)

Preferred:    CISSP, ITILv3, and one or more related I.T. Security professional or vendor certifications from SANS GIAC, ISACA, IACRB, ISC2, Microsoft, Checkpoint, etc.

 

EXPERIENCE
Related Experience 
Required:    8 years of practical technical experience within an IT Security role
    5 years of related or direct electric utility industry or Smart Grid experience 
Preferred:    10 years of practical technical experience within an IT Security role
    7 years of direct electric utility industry or Smart Grid experience


Knowledge/Skills/Abilities (KSA) 
Required:     
1.    Knowledge of Energy Management Systems, distribution management systems, generation management systems, demand response systems.
2.    Experience with Electric and/or Gas industrial control networks and operations technology. 
3.    Advanced professional experience in Industrial Control Systems security and risk management
4.    Experience with Field Area Network Architectures for Transmission and Distribution control and automation. 
5.    Experience with Advanced Metering Infrastructure (AMI), Distribution Automation (DA) and Smart Grid deployments. 
6.    Experience in a Network or Security Operations Center monitoring information systems or SCADA systems. 
7.    Extensive experience in information security risk management frameworks, and standards such as NERC CIP, and NIST 800 series
8.    Experience in industrial cyber security standards and guidelines such as ISA 99, API-1164, and NIST 800/SP-800 series, DOE Electricity Sector Cyber Security Capability Maturity Model (ES-C2M2), IEEE standards
9.    Experience with ICS and SCADA protocols, including DNP3, ICCP, 61850, GOOSE, C37.118, ModBus+, ZigBee, 802.11x, RF
10.    Conducted audits or participated in compliance efforts for NERC Critical Infrastructure Protection. 

Preferred:    
1.    Advanced experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)
2.    Advanced knowledge of Utility/Energy Communications Systems Architecture
3.    Expert knowledge of ICS and SCADA protocols, including DNP3, ICCP, 61850, GOOSE, C37.118, ModBus+, ZigBee, 802.11x, RF

 

 

TECO offers a competitive Benefits package!!

Competitive Salary * 401k Savings plan w/ company matching * Pension plan * Paid time off * Paid Holiday time * Medical, Prescription Drug, & Dental Coverage * Tuition Assistance Program * Employee Assistance Program * Wellness Programs * On-site Fitness Centers * Bonus Plan and more!

 

STORM DUTY REQUIREMENTS....Please make sure to read below!!!  Responding to storms will be considered a condition of employment.

TECO Energy and its companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our TECO Energy customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures.

 

TECO Energy is proud to be an Equal Opportunity Employer.

TECO Energy is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by law, except where physical or mental abilities are a bona fide occupational requirement and the individual is unable to perform the essential functions of the position with reasonable accommodations.

In order to provide equal employment and advancement opportunities for all individuals, employment decisions at TECO Energy will be based on skills, knowledge, qualifications and abilities.

Pay Transparency Non-Discrimination Statement
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

ADA policy
It is the policy of TECO Energy to provide reasonable accommodation for all qualified disabled individuals who are employees and applicants for employment, unless it would cause undue hardship. The corporation will adhere to applicable federal and state laws, regulations and guidelines, including, but not limited to, the Americans with Disabilities Act (ADA) of 1990 and sections 503 and 504 of the Rehabilitation Act of 1970s.

 

Application accommodations
Applicants may request reasonable accommodation in the application process five business days prior to the time accommodation is needed.

 

Pre-employment physical exams may be required for positions with bona fide job-related physical requirements regardless of disability. 

 

 

