*** This position will be filled as an OT Engineer Sr Staff or OT Engineer Sr depending on the candidates experience and qualifications ***
This role develops and applies IT standards and procedures, as well as provide support for real-time and control systems. The engineer performs a wide variety of routine and non-routine design and maintenance engineering activities, including but not limited to performance operations, planning, maintenance, computer applications, safety and root cause analysis.
Primary Duties & Areas of Responsibility:
- Provides planning, guidance, and direction for the analysis, implementation, testing, debugging and documentation of cyber security controls for critical components and systems at the nuclear plants. This includes systems such as plant digital control systems, emergency planning systems, security systems and plant monitoring systems and components such as digital recorders, transmitters, feedback controllers, inverters/power supplies, relays, breakers, and process network infrastructure.
- Provides planning guidance, and operational support for the site cyber security infrastructure which includes such items as SIEMS, vulnerability and compliance scanners, networking components, servers and workstations.
- Plans and directs 24-hour system support of the cyber security program via establishment of call-outs.
- Acts as a technical lead on the cyber security operations of the nuclear plant and the plant components identified as critical digital assets. Reviews the analysis of cyber security controls and recommends solutions to reduce the risk of cyber security sabotage to the nuclear plant and Entergy infrastructure.
- Oversees and directs the implementation of plans required to ensure nuclear sites adhere to the 10CFR73.54 cyber security regulations and ensure the sites meet the regulatory requirements.
- Plans and reviews periodic assessments, benchmarks and tabletops of the Cyber Security Program. Supports external parties in the audit and inspection of the Cyber Security Program.
- Provides input and commentary to the development and revision of procedures and policies relevant to the Cyber Security Program.
- Leads and reviews the analysis of incident response policies, takes an active role in cyber incident response and recovery, the identification of vulnerabilities in the network, and the performance of risk assessments on new and existing computer systems and equipment.
- Provides a technical resource on computer network and system security issues and technologies. Responsible for assuring that networking systems are monitored against cyber-attacks and risk mitigation counter measures are implemented to ensure the security of the organization.
- Develops and maintains a thorough knowledge of 10 CFR 73.54, NEI -08-09, site Cyber Security Plan, cyber security implementing procedures, and the cyber security defense‑in‑depth protective strategy.
- Resolves questions and issues on cyber security, CDA identification, and application of cyber security controls.
- Plans and monitors activities such as Critical Digital Asset (CDA) identification, design modifications involving CDA’s, control of portable digital media for connecting to CDAs, maintenance of CDA-relate documentation.
- Maintains compliance to Cyber Security Program implementing procedures.
- Participates in Emergency Response activities at the nuclear site (in addition to cyber emergency response).
Minimum Educational Background and Physical Requirements Required to perform Job:
- Bachelor’s Degree Engineering or Discipline or experience equivalent
- PD Desired
- Advanced Engineering Degree helpful
Minimum Experience Required:
- For OT Engineer Sr Staff: 8+ years’ experience (or 7 years with advanced degree) with applying security to critical digital assets.
- For OT Engineer Sr: 6+ years’ experience (or 5 years with advanced degree) with applying security to critical digital assets.
- Desired: 3+ years' of solution design experience
- Supervisory level experience preferred.
- Experience with the operation or engineering of a nuclear generating unit.
- Experience with control systems security, security architecture, network security engineering or secure network development experience with electric power utilities.
- Will review other non-nuclear industrial plant experience .
Critical Knowledge, Skills, Abilities:
- Experience in implementing security control policy and procedures.
- Knowledge of the operation of electric power and/or generation systems .
- Knowledge of system hardening, patch management, and configuration management.
- Knowledge of security controls testing, security audits, and security assessments.
- Knowledge of fraud and computer forensics.
- Knowledge and understanding of NIST controls.
- Highly motivated and ability to work with little direct supervision.
- Effective Teamwork and Inclusion (e.g. works collaboratively, builds collaborative relationships).
- Communicates openly, clearly and concisely, both verbally and in writing.
- Ability to act in a Leadership role and establish priorities, support and clear direction to subordinates.