CIP Cybersecurity Engineer

As the nation’s first statewide “transmission only” company, VELCO manages the safe, reliable, and cost-effective transmission of electric power throughout Vermont and as a part of the integrated New England regional network.

Why you should join our team

At VELCO, we are committed to protecting our organization’s data, infrastructure and digital assets. You’ll have the opportunity to directly impact VELCO’s risk posture to keeping a safe, reliable, secure and compliant operating organization.

How you will make an impact

This role has the opportunity to contribute to grid data and research projects, best in class tools, and lots of room for learning a vast array of technologies from networking to AI. You’ll join the industrial control system security community!

The Critical Infrastructure Protection Cybersecurity Engineer provides enterprise Cybersecurity and NERC CIP compliance functions across the enterprise platforms; Corporate and SCADA. Collaborating with the IT team and stakeholders, this role is responsible for the design, implementation, and administration of the Cybersecurity solutions across the enterprise network, server, application, and telecom environment including addressing any threat detection and incident response. This role is also responsible for supporting compliance with the NERC CIP standards in alignment with and executing to meet the IT Compliance program requirements.

Responsibilities
• Support the enterprise security framework via deployment, operation and maintenance of cyber security solutions across applications and support platforms.
• Maintain situational awareness of the organization’s networks for unexpected security events and participate in any investigations.
• Collaborate in evaluations of security threats and vulnerabilities, security investigations/audits, standards interpretations and analysis, and ongoing program risk assessment activities.
• Develop detailed remediation reports and recommendations for compliance and security improvements based on existing and emerging threats.
• Maintain the server and network infrastructure supporting SCADA (Supervisory Control and Data Acquisition) and EMS (Energy Management System) services, including security and operational update activities.
• With Senior Engineer guidance, prepare and install solutions by determining and designing system specifications, standards, and programming.
• Participate in incident response and emergency preparation activities.
• Develop working knowledge to serve as a subject matter expert for the NERC requirements; support all compliance-related activities. Demonstrate broader knowledge of NERC and CIP compliance controls, regulatory matters, and business applications along with providing general and technical feedback and assistance on the interpretations of requirements.
• With leadership guidance, participate in projects activities and contribute to budget and project planning.
• May supervise others, such as an intern.
• Engage with staff across the company regarding cyber security and related compliance responsibilities and contribute to development of security standards, internal controls and best practices for the organization.
• Represent VELCO on various regional, ISO and transmission owner committees, attend conferences, and develop regional relationships related to the CIP regulatory environment. Attend workshops, reviews, seminars, and training on a regular basis.
• Partner closely with the Compliance Team on the development, support, and contribution to the on-going strategy of the NERC and CIP compliance program to meet regulatory and company requirements.
• Participate on key initiatives within the company.

Who you are

A Bachelor’s degree in Information Technology, Security, or related technical discipline. Equivalent work experience considered. Having relevant security certifications or the ability to obtain (CISA, CCSP, MCSE, GCIP, GSEC, GCED, GPEN, GSIP or GCIH) is expected. A Master’s degree may be substituted for some experience.

Knowledge/Skills

The practicing Cybersecurity Engineer will typically have 2 – 7 years’ relevant experience.

• Knowledge of Windows, Linux, Workstation platforms (Windows); AD; Patching tools (big fix, SCCM); Familiar with the basic SEIM and security methodologies.
• Familiarity and working knowledge of audits, compliance investigations, and internal controls evaluations.
• Knowledge of VMWare, storage technologies, AD, DHCP, DNS, VPN, SANS security guidance, NERC/FERC guidelines.
• Excellent organizational skills and attention to detail.
• Ability to create test plans and cases from specifications or verbal communications.
• Excellent interpersonal skills with the ability to serve as a liaison with developers, project managers, and customer support.
• Strong analytical, problem-solving skills, and project management skills.
• Superior verbal and written communication skills.
• Ability to interact effectively and professionally with a diverse group of employees throughout the organization.
• Ability to plan and complete multiple, diverse tasks and meet challenging deadlines.
• Able to clearly present complex technical information to committees, management, external regulators and industry associations.

Important Considerations

• VELCO is headquartered in Rutland, Vermont.

• This is a hybrid position and the expectation is that the incumbent will spend at least two days per week onsite and more as needed.

• Qualified candidates may be asked to complete a technical skills assessment.

• Must be able convey complex information in writing, verbally and by demonstration, perform typical administrative functions such as keyboarding, work additional hours when necessary.

• Duties will require periodic overnight travel.

• Prolonged periods sitting at a desk and working on a computer.
• Must be able to lift up to 15 pounds at times.
• Must be able to respond to off-duty calls, particularly in the event of system emergencies, prolonged equipment and/or customer outages.
• Must maintain a valid driver’s license.

• All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
• Starting pay will be determined at the time of offer based on the experience, education, and training of the successful candidate.
• Eligible applicants must be authorized to work in the United States.

• VELCO is handling all aspects of talent acquisition internally and will not engage the services of third-party staffing agencies, recruiters, or headhunters. We kindly request that these entities refrain from contacting us.

• Any offer of employment will be contingent upon successful reference check, background check (including social media check), physical examination, drug screening.

• If you need an accommodation as part of the application or interview process please send a request to careers@velco