Category: Information Technology
This role develops and applies IT standards and procedures, as well as provide support for real-time and control
systems. The engineer performs a wide variety of routine and non-routine design and maintenance engineering
activities, including but not limited to performance operations, planning, maintenance, computer applications, safety and
root cause analysis.
Primary Duties & Areas of Responsibility:
- Provides support for the planning, guidance, and direction for the analysis, implementation, testing, debugging and documentation of cyber security controls for critical components and systems at the nuclear plants. This includes systems such as plant digital control systems, emergency planning systems, security systems and plant monitoring systems and such components as digital recorders, transmitters, feedback controllers, inverters/power supplies, relays, breakers, and process network infrastructure.
- Provides support for the planning guidance, and operational support of the site cyber security infrastructure which includes such items as SIEMS, vulnerability and compliance scanners, networking components, servers and workstations.
- Participates in 24 Hr. on call support for the cyber security program.
- Provides technical support on the cyber security operations of the nuclear plant and the plant components identified as critical digital assets. Reviews the analysis of cyber security controls and recommends solutions to reduce the risk of cyber security sabotage to the nuclear plant and company infrastructure.
- Assists in the oversight and implementation of plans required to ensure nuclear sites adhere to the 10CFR73.54 cyber security regulations and ensure the sites meet the regulatory requirements.
- Plans and reviews periodic assessments, benchmarks and tabletops of the Cyber Security Program. Supports external parties in the audit and inspection of the Cyber Security Program.
- Provides input and commentary to the development and revision of procedures and policies relevant to the Cyber Security Program.
- Reviews the analysis of incident response policies, takes an active role in cyber incident response and recovery, the identification of vulnerabilities in the network, and the performance of risk assessments on new and existing computer systems and equipment.
- Provides a technical resource on computer network and system security issues and technologies.
- Monitors networking systems against cyber-attacks and implements risk mitigation counter measures to ensure security.
- Plans and monitors activities such as Critical Digital Asset (CDA) identification, design modifications involving CDA’s, control of portable digital media for connecting to CDAs, maintenance of CDA-relate documentation.
- Maintains compliance to Cyber Security Program implementing procedures.
- Participates in Emergency Response activities at the nuclear site (in addition to cyber emergency response).
Minimum Educational Background and Physical Requirements Required to perform Job:
- Bachelor’s Degree Engineering or Discipline or experience equivalent thereof, PD Desired, Advanced
- Engineering Degree helpful – desired as relevant, IT or Engineering experience (will review IT Degrees).
- Six years’ experience (or 5 years with advanced degree) with applying security to critical digital assets.
- Experience with the operation or engineering of a nuclear generating unit.
- Experience with control systems security, security architecture, network security engineering or secure network development experience with electric power utilities.
- Will review other non-nuclear industrial plant experience.
Critical Knowledge, Skills, Abilities:
- Experience in implementing security control policy and procedures.
- Knowledge of the operation of electric power and/or generation systems .
- Knowledge of system hardening, patch management, and configuration management.Knowledge of security controls testing, security audits, and security assessments.
- Knowledge of fraud and computer forensics.
- Knowledge and understanding of NIST controls.
- Highly motivated and ability to work with little direct supervision.
- Effective Teamwork and Inclusion (e.g. works collaboratively, builds collaborative relationships).
- Communicates openly, clearly and concisely, both verbally and in writing.
- Ability to act as a lead or technical expert.