• Cybersecurity Engineer

    Job Locations US-MA-Andover
    Job ID
    # of Openings
    Information, Communication, Technology
  • Overview

    Enel Green Power is looking for the ideal critical thinker to augment our cybersecurity needs.  The NERC CIP Cybersecurity Engineer will work with members of the ICT, ICS and NERC CIP teams to effectively identify, communicate and implement combined ICT and ICS procedures according to the defined NERC CIP requirements.  This person will coordinate and actively take part in various tasks to ensure that the Enel Green Power ICT team is meeting NERC CIP requirements and that scheduled deliverables are satisfactorily provided.  The technology is comprehensive covering multiple datacenters, power generation facilities,remote offices and remote power generation sites.  This person is expected to wear multiple technology hats, but whose primary focus is to ensure NERC CIP requirements are being met and deliverables are presented according to schedule.



    Required Design and Project Duties:

    • Risk based approach using cyber threat analysis
    • Alignment to NERC and stronger cybersecurity best practices
    • Provide cyber content for turbine supplier agreements
    • Provide cyber content for transmission line agreements
    • Contribute and own process, network, data, and system documents
    • Contribute to the internal process improvements within and between Enel teams


    Required Validation Activities:

    • Risk improvements based on data interpreted from Enel cyber tool sets
    • Various cyber sweeps to confirm posture
    • Backup check validations
    • Documentation checks and related change control documents


    Required Operational Duties:

    • Vulnerability sweeps through regular Nessus scanning
    • System (Linux, Network, VM, other) hardening through patch remediation, least privilege, whitelisting, antivirus and compensating technologies.
    • SIEM monitoring and reports via RSA Secure Analytics
    • Determining and assigning network and system access for potential stakeholders
    • Oracle Patch Management according to SCADA vendor recommendations
    • Scripting for automation of tasks
    • Preparation for Audits:

    ACL/IDS/IPS configurations and reports

    Asset, data, ports and services documentations

    • Training Cybersecurity to stakeholders



    Required Skills:

    • Linux Administration
    • DBA skills in Oracle
    • Storage Server and Backup with HP Blade environments
    • Cybersecurity experience in Linux, Cisco and Fortinet equipment
    • Industrial control system knowledge
    • Project management knowledge



    • Mandatory Minimal Education: BSCS, BSCE, BSEE or other engineering degree
    • Security Certifications: GIAC, CISSP, CCNA Security or equivalent
    • Experience in relevant security standards: NERC-CIP, IEC62443, ISA99, ISO27002, various government and segment standards.
    • Several years of experience in implementing any of the following: SIEM, Vulnerability Testing, Whitelisting, Anti-Virus, Multifactor Authentication, AAA, NAC, Linux hardening.
    • Cisco Switch, Cisco WiFi, Router and Firewalls experience highly desirable
    • Procedures and Policy Experience: Policy and procedure lifecycle. Including, Incident Management.
    • Project Management experience
    • Experience in one or more of the following: Nessus, Grassmarlin, Snort, SCCM or RSA Analytics products.
    • Previous technical administration experience in Linux, storage and RDBMS.
    • A passion to learn and be self-directed to address cyber priorities


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.