ACS Professional Staffing is looking for an employee to work on-site with our client. The Information Systems Security Engineer will assist in implementing, managing, operating, and maintaining mission-critical systems that support reliable and secure grid operations as well as critical business applications. This position serves as a programmatic expert for the recommendation, development and implementation of operational cyber security and compliance strategies, standards, processes, guidelines, and projects to safeguard critical cyber assets that are necessary for reliable and secure operation of the assets used in the operation and control of the Bulk Electric System. This full-time position is located in Vancouver, WA.
Because we are a federal government contractor, we have special restrictions placed on us for hiring foreign nationals into certain key positions within the company. This particular position requires U.S. citizenship.
ACS Professional Staffing will provide equal employment opportunities to all applicants without regard to an applicant’s race, color, religion, sex, gender, genetic information, national origin, age, veteran status, disability status, or any other status protected by federal or state law. The company will provide reasonable accommodations to allow an applicant to participate in the hiring process if so requested.
- Provide technical expertise on control center infrastructure security architecture and management for control center infrastructure systems and related matters.
- Provide Information System Security Officer support and technical expertise for the control center General Support Systems and programs by providing expert technical advice, guidance, and recommendations to management.
- Recommend security strategies in the development of system, software and hardware architectures, technical plans and specifications, system designs, software designs, integration plans, test plans, and project plans.
- Advise other IT experts and security practitioners throughout the control centers on a variety of situations and issues that involve applying or adapting new security technology theories, concepts, applications, standards, and/or practices.
- Serve as the project security/compliance lead, on assigned projects, for an interdisciplinary project team of electrical engineering and information technology staff assigned to execute on the most complex control center system projects.
- Architect and design high availability infrastructures and applications to support current and future grid operations.
- Verify that the project plans conform to applicable organizational, agency and external security and compliance standards, policies, and guidelines.
- Provide technical expertise and assistance with the recommendation, development and implementation of operational cyber security and compliance strategies, processes, guidelines, and projects to safeguard critical cyber assets.
- Provide technical input, recommendations, and assistance with the implementation of both higher-level and granular-level cyber security approaches, methods and solutions.
- Develop a cyber-security architecture for the control centers to include accurate, comprehensive applicable documentation.
- Perform detailed and comprehensive security event analysis.
- Provide technical input and support to the Continuous Assessment and Monitoring Program.
- Draft and recommend detailed project plans, timelines, milestones and objectives for upgrades, patches, and other changes and/or for monitoring security measures for the protection of TT computer networks and information.
- Perform risk assessments and execute tests of data processing systems to validate functioning of data processing activities and security measures.
- Validate appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
- Recommend the scope and level of detail for system security plans, and collaborate and assist with draft policies, processes and procedures that are applicable to and promote the Transmission Systems Operations security program.
- Develop long-range plans and strategies for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities.
- Keep abreast of current and new security technologies and threats.
- Identify the need or potential opportunity for changes based on new security technologies and threats; present recommendations and supporting data for consideration.
- Research and review proposed new systems, networks, and software designs for potential security risks and impacts; recommend mitigation, countermeasures, or other options.
- Identify integration issues related to the implementation of new systems within the existing infrastructure; recommend mitigation and/or resolution options.
- Bachelor of Science in Computer Science, Information Technology or a directly related technical discipline is highly preferred.
- With an applicable Bachelor’s degree, 15 years of experience is required.
- Without an applicable Bachelor’s degree, 20 years of experience is required.
- Experience must include the following:
- Hands-on technical implementation of networks and systems.
- Experience evaluating various technical, operational and management solutions to security problems, using written language and various media to present alternatives and recommendations.
- Proven ability to develop documentation sufficient to arrive at logical and comprehensive conclusions and recommendations. The documentation must be of a sufficient professional level to stand as an artifact for reuse as part of the security architecture.
- Experience evaluating the adequacy and existence of IT security controls as they conform to security architectures.
- Experience having properly documented evidence of security architecting, design, and cyber-security activities sufficient for a third-party reviewer to arrive at the conclusion the Security Control Assessor has reached in the work.
- 3+ years previous experience effectively performing security control implementation on networks, servers, and systems and/or vulnerability assessments.
- One or more of the following networking or security certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- 5+ years of experience performing security control evaluation and testing.
- 8+ years of experience with North American Electric Reliability Corporation, Critical Infrastructure Protection (NERC CIP) regulatory standards and requirements.
- 10+ years of experience with the Risk Management Framework and the 800 series of National Institute of Standards & Technology (NIST) Special Publications (in particular 800-37, 800-39, 800-53, 800-53A, and 800-115).
- Expert knowledge of FISMA controls.
- Expert knowledge of NERC-CIP standards.
- Understanding of and experience in Federal electrical utility operations and how they interplay with FISMA/NERC-CIP standards and compliance.
- May be required to work non-core hours as circumstances warrant.
- Work sponsorship not available at this time. No third-party candidates considered for this position.