Plant Operations Cyber Security Specialist
ELDON, TX, US, 77520
NRG
NRG is a leading North American energy and home services company dedicated to helping you power, protect, and intelligently manage your home or business.As an NRG employee, we encourage you to take charge of your career and development journey. We invite you to explore exciting opportunities across our businesses. You’ll find that our dynamic work environment provides variety and challenge. Your growth is key to our ongoing success—take the lead in shaping your career development, goals and future!
Job Summary
This position ensures the execution of the security services and CIP compliance for generating plants and will be responsible for maintaining inventories, configuration baselines, security logging, and patching. This position will also work with compliance and controls personnel to implement and maintain the program and serve as the primary contact for the services.
Essential Duties/ Responsibilities
• Ensure compliance with all NERC-CIP Standards at NRG’s facilities.
• Primary responsibility for CIP compliance at assigned site.
- Create and maintain compliance or operational procedures as required.
• Be the lead for all CIP-related Physical and Electronic Access Control for the identified site.
• Be the primary contact for issues with physical security at all assigned sites for physical security parameters, including verifying those needing access, response to breaches, and security system failures.
• Determination, verification, and justification of all open ports and enabled services on Cyber Assets.
• Assessment of security patches and updates for all Cyber Assets.
• Deployment or mitigation of required security patches and updates to all Cyber Assets.
• Ensure that Cyber Assets are protected by Antivirus/Antimalware applications; update as required.
• Ensure required logging and alerting of Cyber Assets is functional; respond to detection of various types of alerts or breaches.
• Be the administrator for personnel needing electronic access, both local and remote, to Cyber Assets.
• Follow NRG’s Policy and Procedure for reporting Cyber or Physical Security Incidents. Assist in testing the Incident reporting procedure annually.
• Perform and verify backups of Cyber Assets.
• Create and maintain disaster recovery procedures and assist with performance
- Follow and assist others in following the NRG Policy and Procedures for Change Management.
• Perform Cyber Vulnerability Assessments as needed.
• Provide accurate documentation for all NERC evidence requirements; complete evidence collection tasks in NRG’s workflow program in a timely manner.
• Assist with Compliance Requirements at other sites in the region as needed as well as being available to assist team members at other sites across the NRG fleet if needed.
• Work with team members on projects and new, innovative ideas.
• Working with various teams, prepare evidence needed for NERC Audits.
• Maintain great working relationships with site personnel and other teams.
• Some travel required- approximately 10-20%.
• Other duties as required.
Working Conditions
• Work in an open office or power plant environment
• Work overtime and non-standard working hours as directed
Minimum Requirements
- Three (3) or more years of experience in Cyber Security, NERC-CIP Compliance, and/or Power Generation or Transmission.
- Experience working with Distributed Control Systems (DCS).
- Knowledge of OT Technologies and Balance of Plant (BoP) Systems.
• Experience in the concepts of protection of assets using Antivirus/Antimalware, applying security updates and security monitoring.
• Experience in maintaining Windows-based servers and workstations including configuration, patching, and anti-malware
• Good working knowledge of Windows (Access, Word, and Excel), Visio, and Unix as related to both, servers and workstations.
• Working knowledge of Unix/ Linux Operating Systems.
• Working knowledge of network equipment such as firewalls, switches, and routers.
Preferred Qualifications
- Bachelor’s degree in information technology, engineering, or related area
- Cybersecurity certifications such as CISSP, CISA, Security+
- NERC-CIP experience and knowledge of NERC-CIP Standards and Requirements.
- Knowledge and/or experience working with Distributed Control Systems (DCS).
- Knowledge of OT Technologies and Balance of Plant (BoP) Systems.
- Experience using vulnerability scanning tools.
- Experience provisioning and maintenance of PACS.
- Administration experience of Windows and as related to both servers and workstations.
- Demonstrated ability to communicate (verbal and written) with all levels of internal and external customers.
- Demonstrated ability to work independently and as a team member.
- Demonstrated ability to set priorities and respond to changing demands.
- Ability to exercise discretion and independent judgment in applying established techniques, procedures, or standards; demonstrated ability to maintain confidentiality.
Additional KSAs
• Socialize innovative ideas with the team and others.
• Performs moderately complex work assignments under minimal supervision.
• Works to resolve moderately complex issues, and seeks guidance from team members on escalated issues.
• Demonstrated ability to communicate (verbal and written) with all levels of internal and external customers.
• Demonstrated ability to work independently and as a team member.
• 1 year or more of experience with system management (patching, troubleshooting, administration)
• Demonstrated ability to set priorities and respond to changing demands.
• Ability to exercise discretion and independent judgment in applying established techniques, procedures or standards; demonstrated ability to maintain confidentiality.
Physical Requirements
Demand
Frequency
• Requires lifting as appropriate to complete duties
Occasional
Statement
NRG Energy is committed to a drug and alcohol-free workplace. To the extent permitted by law and any applicable collective bargaining agreement, employees are subject to periodic random drug testing, and post-accident and reasonable suspicion drug and alcohol testing. EOE AA M/F/Vet/Disability Level, Title and/or Salary may be adjusted based on the applicant's experience or skills. Official description on file with Human Resources.
Please Note: Salary offered will be commensurate with the successful candidate’s education and/or experience and consistent with the job location’s market pay rate.
NRG Energy is committed to a drug and alcohol-free workplace. To the extent permitted by law and any applicable collective bargaining agreement, employees are subject to periodic random drug testing, and post-accident and reasonable suspicion drug and alcohol testing. EOE AA M/F/Vet/Disability. Level, Title and/or Salary may be adjusted based on the applicant's experience or skills.
Official description on file with Talent.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Antivirus Audits CISA CISSP Compliance Distributed Control Systems Firewalls Linux Malware Monitoring UNIX Windows
Perks/benefits: Career development
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.