Cyber Security Engineer

Westinghouse Electric Company

Westinghouse Electric Company is the world's leading supplier of safe, innovative nuclear technology and is shaping the future of carbon-free energy solutions.

Job Responsibilities:

• Assisting in the evaluation and implementation of network architecture and cyber security services and technologies in power plants.
• Working as a member of the site Engineering group and responsible for a variety of functions utilizing their understanding of cyber security practices and technologies.
• Implementing cyber security solutions on ICS, technical security audits, and general information technology & networking.
• Providing system build, configuration management, troubleshooting and verification/validation of security systems and industrial control networks.
• For multiple ongoing projects, providing network and system specification documentation deliverables to address cyber security vulnerabilities and the security controls necessary to mitigate the vulnerabilities to an acceptable level of risk.
• Participating in information sharing with internal and external customers including the delivery of presentation material, technical training, and knowledge transfer.
• Performing system administration, configuration management, network configuration, and virtual environment management.
• Engaging in network security, including firewalls, data diodes, security information & event management devices, network intrusion detection devices and application of host-based security products from a centralized server and secure (hardened) configuration of system components.

Education:

Technical Bachelor’s Degree in Engineering (Electrical or Computer) or Computer Science, Information Sciences and Technology, Cyber Security / Information Assurance, or similar.

Experience/Requirements:

• Ability to be granted 10 CFR 73.56 Trustworthy and Reliable clearance.
• Minimum of 4 (Prefer 8-10) years of professional experience (engineering, administration, and security of IT/OT).
• Experience performing requirements management or security audit/assessments.
• Experience with common PLC, Scada, DCS platforms (i.e., Emerson Ovation).
• Experience working in an industrial Operational Technology Environment.
• Knowledge of engineering principles and techniques.
• Knowledge in areas such as network design, Windows Domain setup expertise, security and group policy setup.
• Experience with security control frameworks such as NIST 800-53, 20 Critical Controls, ISO 27002, NEI 08-09.
• High level of experience in troubleshooting system integration issues, and working with cyber security, network, and virtualization technologies to implement comprehensive solutions.
• Experience in industrial environments or industrial control systems a plus.

Certifications:

At least one of the following security certifications from a nationally recognized organization is preferred but not required:

• GIAC Security Essentials Certification (GSEC) or equivalent.
• GIAC Systems and Network Auditor (GSNA), ISACA Certified Information Systems Auditor (CISA) or equivalent.
• Cisco Security Certification: (CCNP).
• ISC2 Certified Information Systems Security Professional (CISSP).
• Other related technical certifications showing areas of expertise from qualified and reputable vendors and certification agencies.