POWER UP A CAREER WITH US

Our people power everything we do.

At Tampa Electric, dependable electricity starts with dedicated individuals whose talent, skill and passion drive our success. We’ve been lighting the way for West Central Florida for more than 125 years—and we’re just getting started.  

Join us and build a rewarding career with competitive pay, comprehensive benefits and a culture that supports your growth. Your potential finds its purpose at Tampa Electric.

We proudly deliver 99.98% electric service reliability to nearly 860,000 customers across 2,000 square miles of Hillsborough County and parts of Polk, Pasco and Pinellas counties. Through innovation and strategic investments, we’re creating a cleaner, brighter energy future—while delivering exceptional service every step of the way.

We reflect the communities we serve and foster a workplace where every employee feels welcomed, valued and engaged. Join our team of energy experts and help shape the future of power.

Storm Duty Requirements

Tampa Electric and its sister companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our Tampa Electric customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures.

Responding to storms will be considered a condition of employment.

Tampa Electric is proud to be an Equal Opportunity Employer. To learn more, please click on link below: 

Disclosure Statements

Title: Cyber Security Analyst, Security Operations, Progression 
Company: Tampa Electric Company
Location: Bearss Operations Center 
State and City: Florida  -  LUTZ
Shift: 8 Hr. X 5 Days

Hiring Manager:  Marc Imhof

Recruiter: Mark Koener 

 

 

 TITLE:                Cyber Security Specialist Progression
PERFORMANCE COACH:     Lead Cyber Security Architect
COMPANY:                Tampa Electric
DEPARTMENT:            Information Security
 

POSITION CONCEPT
The Cyber Security Specialist Associate is responsible for assisting with monitoring the company’s information security systems, ensuring that all procedures are followed on a daily, weekly, monthly, and annual basis.  Provide support, within a team environment, for systems used to monitor and protect the enterprise assets.  Detect, analyze, and respond to any suspicious cyber security activity across TECO/Emera business and operational networks, including all network infrastructure, operating systems, and server platforms throughout TECO Energy and its subsidiaries.  Develop an in-depth understanding of exploits (e.g., malware) and vulnerabilities, resolving issues by taking the appropriate corrective action, or following the appropriate escalation procedures.  Assist with identifying and assessing threats to TECO’s network and data, monitoring TECO’s network for malicious activity, investigating intrusions and other relevant events, and has a maintaining a sophisticated and detailed understanding of the evolving threat landscape, includes assessing enterprise assets to include critical assets for secure configurations and maintaining and enforcing regulations regarding NERC Critical Infrastructure Protection (CIP), Sarbanes-Oxley (SOX), PCI, and corporate information security standards.

Advancement to a higher level is based on value added to the company through increased duties, responsibilities, and accomplishments.  Advancement is not automatic, i.e. based solely on time in the job, but will be based on direct observation of the employee’s performance, accomplishments, qualifications, and the business and/or technical needs of the department.

 

PRIMARY DUTIES AND RESPONSIBILITIES
1.    Translate all applicable standards and requirements (NERC CIP, NIST 800-171, NIST 800-53, PCI-DSS, SOX, etc.) into appropriate systemic and procedural solutions to enable compliance adherence.  Coordinate and communicate necessary actions to maintain compliance with applicable internal and regulatory standards.  Assist in the development and enforcement of company policies, procedures, desk level procedures, disaster recovery plans, processes, plans and standards that support and facilitate governmental and regulatory compliance.  Assist in developing management responses to internal/external government and regulatory audits and data requests with respective management and staff. 20%
2.    Evaluate the effectiveness of in-place security controls to constantly strengthen the overall security posture.  Recommend implementation of countermeasures or mitigating controls and contribute to design, implement, and maintain security tools, systems, and technologies leveraged by the CFC (Cyber Fusion Center), TSA, or NERC CIP program. 20%

3.    Monitor and respond to security threats and/or events generated by various security monitoring tools/technologies for the enterprise network.  Determine if anomalies are actual system compromises.  Escalate significant threats/events to 2nd or 3rd tier support for deeper analysis.  Ensure all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment. 15%
4.    Conduct digital forensics by collecting computer/network-related evidence in support of policy violations, criminal activity, fraud, and in response to threat intelligence, law enforcement investigations, or information technology (IT) audit efforts (NERC CIP, SOX, PCI, etc.).  Conducts malware analysis to gather relevant indicators of compromise (IOCs) for active hunting and continuous monitoring for installed toolsets. 15%
5.    Monitor external event sources for security intelligence and actionable incidents. 15%
6.    Develop and maintain threat/risk metrics, security processes, and desk level procedures. 15%

 

SUPERVISION
Direct Supervision:         None
Indirect Supervision:         None

 

RELATIONSHIPS
Key Internal:     Engaging multiple IT groups and business units, including Energy Supply, Energy Delivery, and Regulatory Affairs.  Interactive engagement will require communication with individual contributors, middle management, and executive management.

Key External:         Engaging external contacts including vendors, contractors, regulatory agencies, 
law enforcement, industry associations, and other utility partners.

 

QUALIFICATIONS
Education
Required:     High School Diploma or equivalent.
Preferred:    Bachelor’s Degree in Computer Science, Information Systems, or other IT related discipline.
Licenses/Certifications
Required:    From the list of certification vendors, one related Information Security professional certification or ability to obtain via self-study within one year of hire date
(ex: (ISC)2, GIAC, ISACA, CompTIA, e-Council, etc.).
Preferred:    ITIL v3 and one or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).
Related Experience
Required:    5 years of related Cyber Security, IT experience or Technical (hands-on networking, telecommunications such as radios, satellites, communications, hardware, software or experience.  .  
May consider a degree in lieu of experience.  An Associates degree in Computer Science, Information Systems or other IT related discipline and 3 years of experience or a Bachelors in Computer Science, Information Systems or other IT related discipline and 1 years of experience.
Experience may include up to one year of demonstrated IT experience, within a formal college/university internship or co-op program.

Knowledge/Skills/Abilities (KSA) 
Required:     
•    Good working knowledge of major operating system security (Windows, Mac OS, Linux/Unix), endpoint, server, and network security. 
•    Good working knowledge of major security systems and functions for incident response, monitoring and forensic activities: Firewalls, IDS/IPS, Antivirus/Antimalware, SIEM, Incident Response, Threat Prevention, Web/Application Control Filtering, Email Filtering, NetFlow Analysis, Endpoint Security, Configuration and Change Management, File Integrity Monitoring, and DLP.
•    Good working knowledge of log, network, and system forensic investigation techniques. 
•    Basic working knowledge of networking protocols and systems administration.
•    Basic working knowledge of identifying and capturing indicators of compromise and methods for detecting them within incidents.
•    Basic working knowledge with packet analysis and malware analysis.
•    Basic working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX and PCI.
•    Good analytical and risk assessment skills and strong listening, written and computer communication skills for reporting and auditing purposes.
Preferred:    
•    Good working knowledge of major security systems and functions for incident response, monitoring, and forensic activities: Firewalls, IDS/IPS, Antivirus/Antimalware, SIEM, Incident Response, Threat Prevention, Web/Application Control Filtering, Email Filtering, NetFlow Analysis, Endpoint Security, Configuration and Change Management, File Integrity Monitoring, and DLP.
•    Good working knowledge of networking protocols and systems administration. 
•    Good working knowledge of identifying and capturing indicators of compromise and methods for detecting them within incidents.
•    Good working knowledge with packet analysis and malware analysis.
•    Good working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX and PCI.Basic knowledge of penetration testing technologies and procedures. Basic knowledge with reverse engineering malware. Strong analytical and risk assessment skills and strong listening, written and computer communication skills for reporting and auditing purposes.
Cyber Security Specialist:

 

POSITION CONCEPT
The Cyber Security Specialist is responsible for monitoring the company’s information security systems, ensuring that all procedures are followed on a daily, weekly, monthly, and annual basis.  Provides expert-level support, within a team environment, for systems used to monitor and protect the enterprise assets.  Detects, analyzes, and responds to any suspicious cyber security activity across TECO/Emera business and operational networks, including all network infrastructure, operating systems, and server platforms throughout TECO Energy and its subsidiaries.  Develop and possess an in-depth understanding of exploits (e.g., malware) and vulnerabilities, resolving issues by taking the appropriate corrective action, or following the appropriate escalation procedures.  Proactively identifying and assessing threats to TECO’s network and data, monitoring TECO’s network for malicious activity, investigating intrusions and other relevant events, and has a maintaining a sophisticated and detailed understanding of the evolving threat landscape, includes assessing enterprise assets to include critical assets for secure configurations and maintaining and enforcing regulations regarding NERC Critical Infrastructure Protection (CIP), Sarbanes-Oxley (SOX), PCI, and corporate information security standards.

 

PRIMARY DUTIES AND RESPONSIBILTIES
1.    Proactively assess the enterprise and segmented infrastructure for current and potential vulnerabilities or security threats by leveraging automated security monitoring tools, conducting manual security assessments, and using penetration testing techniques.  Determine if anomalies are actual system compromises.  Ensure all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment. 20%
2.    Collect and organize required evidence for compliance with applicable regulatory requirements and standards, such as network diagrams, access controls, ports and services, physical port security, malicious code prevention, security event monitoring, account management, and baseline configuration.  Document and present internal/external audits and data requests with respective management and team . 15%
3.    Identify, evaluate, and recommend corrective action plans (changes to architecture, hardware, and software) that assist in the mitigation/remediation efforts of identified cyber security risks and vulnerabilities.  Conduct vulnerability scans, reviewing security controls (access control, patch management, firewall policy, etc.), and reviewing internal controls (DR/BC, configuration management, software development lifecycle, etc.).  Perform quality assurance checks on tools and data to ensure accuracy and proper functionality of systems and the accurate accountability of data that is being monitored.  Strengthen the overall security posture by assisting in efforts to design, implement, and maintain essential security tools, systems, and technologies necessary to protect Company assets. 15%
4.    Stay informed about information security and compliance trends, directions, and technologies in relevant industries.  Monitor external event sources for security intelligence and actionable incidents.  Contribute in information and threat intelligence sharing sessions with other utility companies, industry partners, and government agencies. 15%
5.    Assist in conducting digital forensics by collecting computer/network-related evidence in support of policy violations, criminal activity, fraud, and in response to threat intelligence, law enforcement investigations, or IT audit efforts (NERC CIP, SOX, PCI, etc.).  Assist in conducting malware analysis to gather relevant indicators of compromise (IOCs) for active hunting and continuous monitoring for installed toolsets. 15%
6.    Translate all applicable standards and requirements (NERC CIP, NIST 800-171, NIST 800-53, PCI-DSS, SOX, etc.) into appropriate systemic and procedural solutions to enable compliance adherence.  Coordinate and communicate necessary actions to maintain compliance with applicable internal and regulatory standards.  Develop and enforce company policies, procedures, desk level procedures, disaster recovery plans, processes, plans and standards that support and facilitate governmental and regulatory compliance. 10%
7.    Leverage experience, critical thinking, and analytical skills to find inventive and effective solutions to information security problems.  Articulate complex information security concepts to non-technical employees clearly while accurately portraying risks and threats to the company. 10%
8.    Develop threat/risk metrics, security processes, and desk level procedures. 10%

 

SUPERVISION
Direct Supervision:     None
Indirect Supervision:     None

 

RELATIONSHIPS
Key Internal:     Engaging multiple IT groups and business units, including Energy Supply, Energy Delivery, and Regulatory Affairs.  Interactive engagement will require communication with individual contributors, middle management, and executive management.

 

Key External:         Engaging external contacts including vendors, contractors, regulatory agencies, 
law enforcement, industry associations, and other utility partners.

 

QUALIFICATIONS
Education
Required:     High School Diploma or equivalent.
Preferred:    Bachelor’s Degree in Computer Science, Information Systems, or other IT related discipline.

Licenses/Certifications
Required:    From the list of certification vendors, one related Information Security professional certification or ability to obtain via self-study within one year of hire date (ex: (ISC)2, GIAC, ISACA, CompTIA, e-Council, etc.).
Preferred:    ITIL v3 and two or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).

Related Experience
Required:    6 years of related Cyber Security, IT experience or Technical (hands-on networking, telecommunications such as radios, satellites, communications, hardware, software or experience. 
May consider a degree in lieu of experience.  An Associates degree in Computer Science, Information Systems or other IT related discipline and 4 years of experience or a Bachelors in Computer Science, Information Systems or other IT related discipline and 2 years of experience.

 

Knowledge/Skills/Abilities (KSA) 
Required:     
•    Advanced working knowledge of major operating system security (Windows, Mac OS, Linux/Unix), web server security, and network security.
•    Advanced working knowledge of major security systems and functions for incident response, monitoring and forensic activities: Firewalls, IDS/IPS, Antivirus/Antimalware, SIEM, Incident Response, Threat Prevention, Web/Application Control Filtering, Email Filtering, NetFlow Analysis, Endpoint Security, Configuration and Change Management, File Integrity Monitoring, and DLP.
•    Advanced working knowledge of log, network, and system forensic investigation techniques.
•    Advanced working knowledge of networking protocols and systems administration.
•    Advanced working knowledge of identifying and capturing indicators of compromise and methods for detecting them within incidents.
•    Advanced working knowledge with packet analysis and malware analysis.
•    Advanced working knowledge (hands-on experience) of scripting in languages such as Python, Bash or PowerShell.
•    Advanced working knowledge of penetration testing technologies and procedures.
•    Advanced working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX and PCI.
Strong analytical and risk assessment skills as well as strong listening, written and computer communication skills for reporting and auditing purposes.

Preferred:
·    Proficient in performing hands-on packet and malware analysis to support threat identification, incident response, and continuous monitoring efforts.
·    Working experience with scripting or automation in Python, PowerShell, or Bash to streamline investigative workflows or security monitoring processes.
·    Demonstrated ability to translate technical security findings into clear, business-relevant communications for both technical and non-technical stakeholders.
·    Familiarity with regulatory frameworks such as NERC CIP, SOX, PCI-DSS, and NIST 800-53, with experience supporting audit readiness and evidence collection.
·    Active participation in threat intelligence sharing or industry collaboration forums, with a strong awareness of current trends, vulnerabilities, and attack techniques relevant to critical infrastructure environments.

 


Cyber Security Specialist Sr

 

POSITION CONCEPT
The Cyber Security Specialist Sr is responsible for monitoring the company’s information security systems, ensuring that all procedures are followed on a daily, weekly, monthly, and annual basis.  Provide expert-level support, within a team environment, for systems used to monitor and protect the enterprise assets.  Detect, analyze, and respond to any suspicious cyber security activity across TECO/Emera business and operational networks, including all network infrastructure, operating systems, and server platforms throughout TECO Energy and its subsidiaries.  Develop and possess an in-depth understanding of exploits (e.g., malware) and vulnerabilities, resolving issues by taking the appropriate corrective action, or following the appropriate escalation procedures.  Proactively identifying and assessing threats to TECO’s network and data, monitoring TECO’s network for malicious activity, investigating intrusions and other relevant events, and has a maintaining a sophisticated and detailed understanding of the evolving threat landscape, includes assessing enterprise assets to include critical assets for secure configurations and maintaining and enforcing regulations regarding NERC Critical Infrastructure Protection (CIP), Sarbanes-Oxley (SOX), PCI, and corporate information security standards.  Serve as Subject Matter Expert (SME) in incident response and investigations, activate incident response plans/procedures for escalated security events that lead to an incident.  Lead efforts in incident response, disaster recovery, and business continuity events and exercises.

 

PRIMARY DUTIES AND RESPONSIBILTIES
1.    Proactively assess/monitor the enterprise and segmented infrastructure for current and potential vulnerabilities or security threats by leveraging automated security monitoring tools, conducting manual security assessments, and using penetration testing techniques.  Evaluate and respond to security threats and/or events by continually assessing real-time logs and performing payload analysis of packets for the enterprise network to determine if anomalies are actual system compromises.  Develop and implement correlation rules, alerts, and feeds that CFC personnel evaluate and respond.  Ensure all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment. 20%
2.    Identify and solve cyber security and compliance problems of varying complexity across multiple technology areas.  Develop and implement appropriate technologies and systems used to analyze, assess, remediate/mitigate, alert, and respond to activities that occur before, during, and after events that may or may not lead to an incident (e.g., compromise, disruption, etc.).  Serve as Subject Matter Expert (SME) in incident response and investigations, activate incident response plans/procedures for escalated security events that lead to an incident.  Lead efforts in incident response, disaster recovery, and business continuity events and exercises. 20%
3.    Identify, evaluate, develop/engineer, and implement corrective action plans (changes to architecture, hardware, and software) that assist in the mitigation/remediation efforts of cyber security risks and vulnerabilities.  Conduct vulnerability scans, reviewing security controls (access control, patch management, firewall policy, etc.), and reviewing internal controls (DR/BC, configuration management, software development lifecycle, etc.).  Perform quality assurance checks on tools and data to ensure accuracy and proper functionality of systems and the accurate accountability of data that is being monitored.  Strengthen the overall security posture by leading efforts to design, implement, and maintain essential security tools, systems, and technologies necessary to protect Company assets.  Identify and track instances of non-compliance via monitoring. 20%
4.    Utilize threat analysis data from internal and external sources to identify lines of investigation outside of normal day-to-day security monitoring and perform independent advanced monitoring, or “hunt missions”, throughout the environment for patterns, anomalies, and potential unforeseen security incidents. 10%
5.    Lead efforts in conducting digital forensics by collecting and presenting computer/network-related evidence in support of policy violations, criminal activity, fraud, and in response to threat intelligence, law enforcement investigations, or IT audit efforts (NERC CIP, SOX, PCI, etc.).  Lead efforts in conducting malware analysis to gather relevant indicators of compromise (IOCs) for active hunting and continuous monitoring for installed toolsets. 10%
6.    Translate all applicable standards and requirements (NERC CIP, NIST 800-171, NIST 800-53, PCI-DSS, SOX, etc.) into appropriate systemic and procedural solutions to enable compliance adherence.  Coordinate and communicate necessary actions to maintain compliance with applicable internal and regulatory standards.  Develop and enforce company policies, procedures, desk level procedures, disaster recovery plans, processes, plans and standards that support and facilitate governmental and regulatory compliance.  Serve as SME in the development of management responses to internal/external government and regulatory audits and data requests in conjunction with respective management and team . 10%
7.    Identify and collaborate with external event sources to be used for security intelligence and actionable incidents.  Facilitate, coordinate, and present threat intelligence and information sharing sessions with other utility companies, industry partners, and government agencies. Develop threat/risk metrics, security processes, and desk level procedures.  10%

 

SUPERVISION
Direct Supervision:     None
Indirect Supervision:     None

 

RELATIONSHIPS
Key Internal:     Engaging multiple IT groups and business units, including Energy Supply, Energy Delivery, and Regulatory Affairs.  Interactive engagement will require communication with individual contributors, middle management, and executive management.

Key External:         Engaging external contacts including vendors, contractors, regulatory agencies, 
law enforcement, industry associations, and other utility partners.

 

QUALIFICATIONS
Education
Required:     High School Diploma or equivalent.
Preferred:    Master’s Degree in Computer Science, Information Systems, Cyber Security, or other IT related discipline. 

Licenses/Certifications
Required:    From the list of certification vendors, two related Information Security professional certification or ability to obtain via self-study within one year of hire date (ex: (ISC)2, GIAC, ISACA, CompTIA, e-Council, etc.).

Preferred:    ITIL v3 and three or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).

Related Experience
Required:    8 years of related Cyber Security, IT experience or Technical (hands-on networking, telecommunications such as radios, satellites, communications, hardware, software or experience.  .  
May consider a degree in lieu of experience.  An Associates degree in Computer Science, Information Systems or other IT related discipline and 4 years of experience or a Bachelors in Computer Science, Information Systems or other IT related discipline and 2 years of experience.

Knowledge/Skills/Abilities (KSA) 
Required:     
•    Thorough working knowledge of major operating system security (Windows, Mac OS, Linux/Unix), , web server security, and network security.
•    Thorough working knowledge of major security systems and functions: Firewalls, IDS/IPS, Antivirus/Antimalware, SIEM, Incident Response, Threat Prevention, Web/Application Control Filtering, Email Filtering, NetFlow Analysis, Endpoint Security, Configuration and Change Management, File Integrity Monitoring, and DLP.
•    Expert working knowledge of log, network, and system forensic investigation techniques.
•    Expert working knowledge of networking protocols and systems administration.
•    Thorough working knowledge of identifying and capturing indicators of compromise and methods for detecting them within incidents.
•    Expert working knowledge with packet analysis and malware analysis.
•    Expert working knowledge (hands-on experience) of scripting in languages such as Python, Bash or PowerShell.
•    Expert working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX and PCI.
•    Strong analytical and risk assessment skills as well as strong listening, written and computer communication skills for reporting and auditing purposes.
Preferred:    
•    Thorough working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX and PCI.
•    Expert working knowledge of reverse engineering malware.
•    Expert working knowledge in incident response and digital forensics.
•    Ability to mentor junior and associate level specialist. 

 

WORKING CONDITIONS

Normal working conditions with occasional extended hours during the week and weekends.

 


PHYSICAL DEMANDS/REQUIREMENTS

Normal physical demands related to an office and operational (Power Plant, Solar, Control Center) workplace environment. 

 

TECO offers a competitive Benefits package!!

Competitive Salary *401k Savings plan w/ company matching * Pension plan * Paid time off* Paid Holiday time * Medical, Prescription Drug, & Dental Coverage  *Tuition Assistance Program * Employee Assistance Program * Wellness Programs * On-site Fitness Centers * Bonus Plan and more!

 

#LI-SC1


Nearest Major Market: Tampa

Job Segment: Computer Science, Power Plant Operator, Testing, Operations Manager, Power Plant, Technology, Energy, Operations