Security Engineer

Orlando Utilities Commission

Orlando, FL

Industry: Energy & Utilities

5 - 7 years

Posted 26 days ago

We are seeking an individual for a Regular position as a Security Engineer in the IT Security Department of the Information Technology Division.

Job Purpose:

Perform security scanning, analysis and remediation of information security assets to identify potential security vulnerabilities and threats that place OUC technology at risk of misuse, unauthorized access or disclosure.

Primary Functions:

  • Support the deployment of security tools such as Security Information and Event Management (SIEM), Intrusion Prevention System (IPS), physical security monitoring, etc.;
  • Leading and developing Supervisory Control and Data Acquisition (SCADA), Energy Management System (EMS), and Data Center Security (DCS) cyber security architecture and developing baselines, as well as monitoring, analyzing and producing reports and presentations based on data from multiple sources;
  • Advanced support and leadership of complex applications and projects that require the integration of multiple security technologies (network, operating system, encryption, application, etc.) for SCADA, EMS, and DCS environments;
  • Advanced knowledge of security compliance policy, programs, processes, and metrics pertaining to North American Electric Reliability Corporation (NERC), Federal Energy Regulatory Commission (FERC) and National Institute of Standards and Technology (NIST);
  • Responsible for planning and designing processes for cyber security monitoring, incident detection, and incident response;
  • Development, implementation, and ongoing maintenance of security policies and procedures;
  • Integrate security and data protection into business processes;
  • Develop, publish, and utilize security and data protection standards and policies; enforce and audit adherence to published standards and policies;
  • Identify new trends in systems security and data protection, and build business cases for adoption of best practices;
  • Create, document, maintain, and publish / advocate vision and the business case for systems security and data protection;
  • Recognize, adopt, utilize, and teach best practices in security engineering;
  • Participate in efforts to promote security throughout the enterprise and build good working relationships within the team and with others in the organization;
  • Participate in efforts that tailor the company's security policies and standards for use in the environments;
  • Develop reference architectures and proof of concept implementations of cloud security environments;
  • Perform other duties as assigned.

Requirements:

· Bachelor's degree in Computer Science, Information Systems, or other IT related field of study from an accredited college or university

· Minimum of five (5) years of security related I.T. experience with a focus in networking (CCNA minimum) and/or network operating systems (MCSE min) to include:

o Minimum three (3) years of practical technical experience within a Cyber Security role

o Industrial control system experience (preferred)

· Significant working knowledge of information security principles and practices and at least two years technical experience with relevant LAN/WAN security hardware and software including IDS/IPS, Firewalls, Web Proxies, Vulnerability Scanning, Email Gateway etc.

· Understanding of enterprise switching/routing and protocols including OSPF, BGP, EIGRP, HSRP and MPLS/VPLS. Experience configuring and supporting switches and routers is preferred but not required.

· Experience in network security features including ACLs, VPN, IPSEC/GRE

· Experience with network and web related protocols (e.g. TCP/IP, UDP, IPSEC, HTTP, HTTPS)

· Understanding and some experience with 802.11x, Encryption and Network Access Control.

· Experience with incident management and threat remediation including threat analysis, isolation, identification, eradication.

· Experience with Microsoft Windows Server administration & maintenance in an enterprise environment; working knowledge of DNS, DHCP, GPO, Permissions, PowerShell.

· Working knowledge in all, but not limited to, the following:

o Control system communication protocols;

o Industrial control systems and real-time monitoring applications including SCADA, AMI, DCS, PLCs, and RTUs;

o Utility security and regulatory standards including but not limited to NIST and NERC Critical Infrastructure Protection (CIP);

o Wired and wireless networking technologies;

o Utility/Energy Communications System Architecture;

· Able to test technology security, analyze and document test results, recommend and assist with mitigation, and assess the mitigation effectiveness;

· Ability to translate very technical information to an average person;

· Project security planning including estimates, architecture, tasks and risk assessments

· Security tool subject matter expert; ability to efficiently use penetration testing tools, advanced protection devices, and other security forensic tools;

· Ability to translate highly technical information to non-IT staff;

· Ability to comprehend data samples, security forensic data, and network data flows;

· Ability to generate flow charts, architectural diagrams and project plans;

· Ability and desire to maintain knowledge of new technology (e.g. appliances, devices, etc.)

· Ability to make arithmetic computations using whole numbers, fractions and decimals, rates, ratios and percentages;

· Ability to use Microsoft Office Suite (Word, Excel, Outlook, etc.) and use standard office equipment (telephone, copier, computer, etc.)