Information Systems Security Engineer 3 - Infrastructure Security Architect Control Center, Sys-Cyber and Box

APR Staffing

Vancouver, WA

JOB DETAILS
SKILLS
Access Authorization, Analysis Skills, Applications Security, Background Investigation, Business Operations, Business Solutions, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, CPR Certification, Computer Hardware, Computer Networks, Computer Science, Computer Security, Computer Servers, Data Processing, Data Quality, Defibrillator, Documentation, Driver's License, Electrical Engineering, Electrical Utility, FISMA - Federal Information Security Management Act, First Aid, Hardware Architecture, High Availability, High Availability Software, Identify Issues, Information Systems Security Engineering (ISSE), Information Technology & Information Systems, Information/Data Security (InfoSec), Internet Security, Leadership, Maintain Compliance, Multiplatform/Cross-Platform, Network Design, Network Security, Network Software, Network Systems, Operational Control, Operational Support, Operations Control, Operations Management, Operations Planning, Operations Security (OPSEC), People Management, Policy Development, Procedure Development, Process Analysis, Project Planning, Project/Program Management, Publications, Regulations, Regulatory Compliance, Risk Analysis, Risk Management, Risk Management Framework (RMF), Security Analysis, Security Architecture, Security Attacks, Security Equipment, Security Monitoring, Security Software, Software Architecture, Software Design, Software Development, Software Patches, Standards Strategy, Strategic Planning, System Operations, System Validation, Systems Administration/Management, Systems Analysis, Systems Maintenance, Technical Leadership, Technical Operations, Technical Recruiting, Technical Support, Telecommunications, Test Plan/Schedule, Testing, Transmission Security (TRANSEC), U.S. National Institute of Standards and Technology (NIST), United States Citizen, United States Department of Energy (DOE), User Interface/Experience (UI/UX), Willing to Travel
LOCATION
Vancouver, WA
POSTED
1 day ago
Job Title: Information System Security Engineer 3 - Infrastructure Security Architect – Control Center, Sys-Cyber and Box
Job Number: 120024
Location: Vancouver, WA - Onsite
Overtime: 5%
Travel: Up to 5% local travel for meetings

Length: 5 years

MUST be US Citizen to be eligible to apply for Federal Background Check

 
Requires Real ID and or Valid Passport to interview 

SUMMARY
 
This assignment is located in the OT Internal Business Operations, OT Cybersecurity organization.  This position will assist corporate management in implementing, managing, operating, and maintaining mission critical systems that support the reliable and secure operations of corporate grid operations as well as critical business applications.   This assignment serves as a programmatic expert for the recommendation, development and implementation of operational cyber security and compliance strategies, standards, processes, guidelines, and projects to safeguard critical cyber assets that are necessary for reliable and secure operation of the assets used in the operation and control of the Bulk Electric System (BES).  
The individual in this assignment will be one of the technical security experts and in collaboration with corporate management, will recommend and influence security and regulatory compliance for the most strategic and complex control center infrastructure systems and for the design, development and integration of large complex high availability, 24x7, multi-site, control center infrastructure systems, which are necessary for supporting grid operations.  This assignment will also provide expert technical security advice, guidance, and recommendations to management and other technical specialists on critical control center infrastructure projects and management issues. 
In addition, this assignment will isolate and identify unprecedented issues and unknown conditions; develops, tests, and advises on new technologies, methods, approaches, and guides; and will provide expertise and recommendations on project planning and policy-making functions covering a broad range of control center infrastructure projects. Serves as technical expert to agency management officials, including DOE, for security advice on integrating control center security programs with other key mission-critical Transmission Services’ programs.
This assignment will also review, analyze, and design solutions and implement management approved automated technical capabilities to verify that information security processes are practiced by corporate control center information security practitioners, project managers, and system owners. Will apply new applications or developments to resolve unique or novel problems, conditions, or issues; significantly alter standard existing security practices, equipment, devices, processes, and known techniques; provide significant and innovative recommendations for advancing good security practices
 
POSITION RESPONSIBILITIES 
  • Provide technical expertise on control center infrastructure security architecture and management for control center infrastructure systems and related matters.
  • Applies a broad knowledge of power system operations and associated control center systems including knowledge of security and regulatory (i.e. FISMA and NERC CIP) as it pertains to compliance computer networks, user interfaces, system software, data acquisition, telecommunications, substation field equipment, and related computer hardware areas.
  • Provide Information System Security Officer support and technical expert for the corporate control center General Support Systems and programs by providing expert technical advice, guidance, and recommendations to management and other technical and security specialists on critical operational issues relating to control center control infrastructure and data systems including the upgrade and enhancement of all systems in the two critical corporate control centers.
  • Recommend security strategies in the development of system, software and hardware architectures, technical plans and specifications, system designs, software designs, integration plans, test plans, and project plans.
  • Advises other IT experts and security practitioners throughout the control centers on a variety of situations and issues that involve applying or adapting new security technology theories, concepts, applications, standards, and/or practices.
  • As the control center infrastructure security architect and expert, serve as the project security/compliance lead, on assigned projects, for an interdisciplinary project team of electrical engineering and information technology staff assigned to execute on the most complex control center system projects.
  • Architect and design high availability infrastructures and applications to support current and future grid operations.
  • Verifies that the project plans conform to applicable organizational, agency and external security and compliance standards, policies and guidelines.
  • Provide technical expertise and assistance with the recommendation, development and implementation of corporate management-approved operational cyber security and compliance strategies, processes, guidelines, and projects to safeguard critical cyber assets.
  • Provide technical input, recommendations and assistance with the implementation of both higher and granular-level cyber security approaches, methods and solutions that incorporate and maintain compliance to requirements resulting from laws, regulations, or Presidential directives.
  • Develop / draft, recommend and execute corporate management-approved testing plans; report results and recommendations.
  • Provide security engineering expertise and recommendations.
  • In collaboration with the corporate manager and per established procedures, develop a cyber-security architecture for the corporate control centers to include accurate, comprehensive applicable documentation.
  • Perform detailed and comprehensive security event analysis.
  • Provide guidance and input in to technical reviews of proposed projects, and corporate system security authorization processes.
  • Provide technical input and support to the Continuous Assessment and Monitoring Program.
  • Draft and recommend detailed project plans, timelines, milestones and objectives for upgrades, patches and other changes and/or for monitoring security measures for the protection of divisional computer networks and information. 
  • Perform risk assessments and execute tests of data processing system to validate functioning of data processing activities and security measures.
  • Validate appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
  • Coordinate, facilitate and assist with general support systems and major applications’ security and compliance projects and program changes and initiatives that:
    • Are designed to anticipate, assess, and minimize system vulnerabilities and weaknesses;
    • Integrate across disciplines, platforms and internal organizations; (people, processes, systems).
    • Under the direction and leadership of corporate Management
  • Recommend the scope and level of detail for system security plans and collaborate and assist with draft policies, processes and procedures that are applicable to and promote Transmission Systems Operations security program.
  • Develop / draft long-range plans and strategies for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities.
  • Keep abreast of current and new security technologies and threats.
  • Identify the need or potential opportunity for changes based on new security technologies and threats; present recommendations and supportive data for consideration.
  • Research and review proposed new systems, networks, and software designs for potential security risks and impacts; recommend mitigation, countermeasures or other options.
  • Identify integration issues related to the implementation of new systems within the existing infrastructure; recommend mitigation and/or resolution options.
  • Provide subject matter expertise, technical guidance and assistance to other Security Control Assessors, Cyber Security personnel and Transmission Technology Operations  co-workers on a variety of ad hoc and standing projects requiring data / system process analysis.
  • Provide technical expertise, guidance and assistance to organizational co-workers with less experience, including cross-training as requested 
Education & Corresponding Experience 
  • Bachelor of Science in Computer Science, Information Technology or a directly related technical discipline is highly preferred.
    • With an applicable Bachelor’s Degree, 15 years of experience is required
    • Without an applicable Bachelor’s degree, 20 years of experience is required.
  • Experience must include the following:
    • Hands on technical implementation of networks and systems;
    • Experience evaluating various different technical, operational and management solutions to security problems, using written language and various media to present alternatives and recommendations;
    • Proven ability to develop documentation sufficient to arrive at logical and comprehensive conclusions and recommendations.  The documentation must be of a sufficient professional level to stand as an artifact for reuse as part of the security architecture;
    • Experience evaluating the adequacy and existence of IT security controls as is conforms to security architectures.
    • Experience having properly documented evidence of security architecting, design and cyber-security activities sufficient for a third-party reviewer to arrive at the conclusion the Security control Assessor has reached in the work.
  • 3+ years previous experience effectively performing security control implementation on networks, servers and systems and/or vulnerability assessments. 
 
Required Skills & Experience  
  • One or more of the following networking or security certifications:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
  • 5+ years of experience performing security control evaluation and testing.
  • 8+ years of experience with North American Electric Reliability Corporation, Critical Infrastructure Protection (NERC CIP) regulatory standards and requirements.
  • 10+ years of experience with the Risk Management Framework and the 800 series of National Institute of Standards & Technology (NIST) Special Publications (in particular 800-37, 800-39, 800-53, 800-53A, and 800-115); 
Preferred Skills & Experience  
  • Expert knowledge on FISMA controls
  • Expert knowledge on NERC-CIP standards
  • Understanding and experience in Federal electrical utility operations and how it interplays with FISMA/NERC-CIP standards and compliance 
Additional Requirements:
  • Valid U.S. Driver’s License is required
  • First Aid/AED/CPR Certification required within 30 days of assignment start
  • PPE Equipment
 
 
Pre-Employment Requirement
All employment offers are contingent upon successful completion of our pre-employment screening that may include drug testing, background/criminal check, and if applicable, must meet eligibility requirements for access to classified information.
 
APR Staffing is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.
 
About APR Staffing

APR Staffing was born from the merger of two well-respected technical staffing firms in Portland. ieSolutions and Data Resource Group. Both companies have recently been award winners for the Portland Business Journal's Fastest-Growing Private Companies. The two firms, now as APR Staffing, make for one of the fastest-growing and most-respected professional and technical staffing companies in Oregon and Southwest Washington.
 
Collaborating with our customers, we augment their workforce with technical and administrative professionals. We provide only high-caliber, professional-grade resources throughout the Pacific Northwest.
 

About the Company

A

APR Staffing