Seattle City Light, a department of the City of Seattle, is one of the nation’s largest municipally owned utilities in terms of the number of customers served. Over the years we have worked very hard to keep Seattle's electricity affordable, reliable, and environmentally sound. Today, City Light is a recognized national leader in energy efficiency and environmental stewardship.
The OT Cyber Security Specialist works within the Seattle City Light Cyber Security team and contributes to many different areas of cybersecurity including governance processes, risk management activities, developing policies and standards, security controls design and development, security monitoring, and security incident detection and response activities.
A primary focus of this position will be reviewing latest changes to the threat landscape and assessing potential impacts to Seattle City Light operations. You will prepare threat summary reports and provide appropriate communications to leadership and operational technology staff.
In addition, this position will lead our training and awareness program which will include developing cyber security awareness communications, and supporting role based cyber security training for staff.
You will work with various groups within the utility, as well as with the City’s IT department, to monitor and manage risk for the utility’s critical information and operational technologies - helping to enable Seattle City Light’s vision of delivering clean, reliable, and affordable power.
This position will report to the City Light Cyber Security Senior Manager, CISO
Here is more about what you’ll be doing:
-
Lead cyber security threat management activities, to include gathering, analyzing, and assessing the current and future threat landscape; understanding threats to City Light infrastructure and operational missions; and developing and sharing threat intelligence through collaborative efforts to include coordination with DHS, US-CERT, MS-ISAC, E-ISAC, WSFC, FBI, SPD, and other threat sharing vectors. Develop threat summary reports and provide appropriate communications to leadership and operations staff.
-
Lead cyber security training and awareness efforts to include developing security awareness materials, supporting role based cyber security training for technical staff, and developing cyber security exercises.
-
Support development and maintenance of the utility’s cyber security governance processes, policies, and standards of practice, in coordination with City Light and Seattle IT stakeholders.
-
Maintain the risk framework and metrics used to monitor and report on risks, maturity, and progress of the cyber security program in order to identify high priority goals and support roadmap development.
-
Directly conduct or support third-party conduct of cyber risk assessments. Risk assessments may include OT/SCADA environments, IT/OT convergence areas, and various other existing and emerging technologies. Assess and provide subject-matter expertise and guidance on cybersecurity risk for OT projects and change requests.
-
Support the utility cyber security objectives, to include compliance, safety, reliability, and business continuity/disaster recovery initiatives. This includes leading/participating in various security enhancement projects to improve cyber security controls, and ensuring operational technology practices comply with organizational policies, industry best practices, and NERC-CIP regulatory requirements.
-
Support development of policies, guidelines, and standards to ensure the safety, reliability, availability, confidentiality, and integrity of a wide range of operational technologies to include SCADA systems, HMIs, RTUs, various IEDs, internal and perimeter communications, and other applicable devices or supporting services.
-
Support the vulnerability management program, to include developing policies and procedures for assessing systems for vulnerabilities, advising system owners on remediation strategies, and leveraging penetration testing where appropriate to validate controls and presumed security levels.
-
Design, configure, implement, and operate cyber security operational capabilities, and develop procedures for security threat monitoring, such as with intrusion detection/prevention (IDS/IPS), netflow, pcap, SIEM, and other security tools.
-
Support operational technology staff to identify malware or malicious activity and investigate/troubleshoot to root source. Lead and/or support incident response activities to minimize risk of compromised systems without impeding real time power grid operations.
-
Collaborate with Seattle IT Digital Security and Risk team to develop cross-department incident management protocols and to respond to incidents impacting City Light IT/OT environments.
Keep abreast of technological advancements and operational technology cyber security best practices for the electric power grid. Maintain subject matter expertise and represent City Light through various collaborative efforts, such as industry partnerships and participating in cyber security conferences, workshops, and information sharing.
-
-
Additional duties as assigned.
Required Qualifications: In addition to the skills and experience mentioned below, a successful applicant will have experience that reflects a commitment to creating fair and equitable outcomes and has:
Education:
Bachelor's degree in Cyber Security, Computer Science, Technology Management, SCADA/Communications Engineering, or a closely related field, or an equivalent combination of education, training, and experience.
Experience:
Five years of progressively responsible experience in threat management, information assurance, security operations, systems engineering, security policy development/administration, and/or security tool administration and use, preferably in an electric utility environment.
-
Excellent analytical ability, problem-solving, and collaboration skills.
-
Excellent verbal, written, and presentation communication skills.
-
Relevant professional certification, such as CISA, CISM, CISSP, CRISC, CGEIT, CIPP, and/or CIPP/IT.
-
Strong understanding of technology trends, risks, and cyber security best practices.
-
Knowledge of defense-in-depth principles and security architecture.
Desired Qualifications - You will be successful if you have the following experience, skills, and abilities:
-
Understanding of Power Grid Operational Technologies.
-
Ability to plan, manage, and execute multiple tasks and projects within defined timelines.
-
Experience with NERC-CIP cyber security requirements and compliance.
-
Background in common information and operational technologies applied in Utilities.
-
Ability to work in fast-paced government technology environment; to work as a productive member of a professional team, as well as initiative to be a self-starter; ability to work under pressure, multi-task, and rapidly change priorities.
Please note this job advertisement is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
________________________________________________________________________________________________________
The full salary range for this position is $51.89 to $77.84 per hour.
Application Process
Please submit the following with your online application:
-
A cover letter in which you clearly describe how your knowledge, experience, skills, and abilities prepare you for the job responsibilities and qualifications outlined in the job announcement.
-
A current resume of your educational and professional work experience.
Who May Apply: This position is open to all candidates that meet the qualifications. Seattle City Light values diverse perspectives and life experiences. Applicants will be considered regardless of race, color, creed, national origin, ancestry, sex, marital status, disability, religious or political affiliation, age, sexual orientation, or gender identity. Seattle City Light encourages people of all backgrounds to apply, including people of color, immigrants, refugees, women, LGBTQIA+, people with disabilities, veterans, and those with diverse life experiences.
Job offers are contingent on the verification of credentials and other information required by the employment process, including the completion of a background check. The background check will involve a criminal history check, which includes conviction and arrest records in compliance with the Seattle’s Fair Chance Employment Ordinance, SMC 14.17 and the City of Seattle Personnel Rule 10.3 (Download PDF reader). A driving history review may be conducted in compliance with SMC 4.79.020. Applicants will be provided an opportunity to explain or correct background information.
The City of Seattle offers a comprehensive benefits package including vacation, holiday, and sick leave as well as medical, dental, vision, life and long-term disability insurance for employees and their dependents. More information about employee benefits is available on the City's website at: https://www.seattle.gov/human-resources/benefits/employees-and-covered-family-members/most-employees-plans.
Want to know more about Seattle City Light? Check out our web page: https://www.seattle.gov/city-light/about-us/careers.