SCADA & OT Cyber Security Engineer

It takes the brightest minds to be a technology leader. It takes imagination to create green energy for the generations to come. At Siemens Gamesa we make real what matters, join our global team.

Position Overview:

• The SCADA team in Siemens Gamesa is responsible for SCADA installation, maintenance, network architecture design and sub-system support as part of the Technology Services team.
• The SCADA networks are used for controlling, operating and monitoring wind energy power plants. A successful candidate has the ability to work effectively and diligently as an individual engineer and team member in front of both internal and external customers and may be exposed to challenging areas of customer interface and sales strategies.
• The SCADA & OT cyber Security Engineer will further enhance the capacity of the team by participating in the design and consultation of security modifications and upgrades with the R&D teams, Sales teams, and External clients for the wind power plant environment including but not limited to: WAN, LAN, DMZ, and ICS environments.
• The SCADA & OT Cyber Security Engineer position is located in US-Orlando, FL - Corporate 11950.
• Travel required: up to 15%
• Relocation may be offered for this role should it be necessary.

Responsibilities:

• Supports and consults internal/external customers in implementing the required (software and hardware) product & solution security
  • Includes interface to sales for quoting and scope purposes
• Supports project teams in conducting security activities during the development process, project management process and / or services.
• Can support multiple projects at the same time
• Coordinates with the Product & Solution Security Officer at regional and global levels
  • Synchronize adequately with Information Security organization to ensure that the development, manufacturing and integration of IT-infrastructure is sufficiently secure (e.g. to ensure confidentiality, integrity or availability of source code, binaries and configuration).
• Ensures that security is adequately reflected in skills, processes and technologies (tools, platforms) used for service delivery.
• Continuously monitors and evaluates the effectiveness of the security measures and supports in incident handling.
• Provide regulation definition input to global development programs
• Supports the SCADA team manager to build up required competencies for product & solution security within the project team
• Coaching of project teams during product & solution development (e.g. creation of requirements specifications, architecture and design, implementations, test cases, user documentation)
• Specification and maintenance of configuration and hardening guidelines (e.g. for SGRE products and third-party components and manufacturing equipment).
• Reviews documents produced during the development and engineering process (e.g. threat and risk analysis results, requirements specification, architecture and design, test specification, user documentation) regarding product & solution security.
• Guide Technological Aspects:
  • Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC62443, WIB, NERC-CIP) in the project.
  • Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organization.
  • Evaluation of third party components regarding product & solution security.
• Verifies implementation regarding security requirements (e.g. as part of system test, factory or site acceptance test).
• Validates (e.g. friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers (e.g. to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures). This includes recommendation and creation of security testing tools.
• Involvement in the analysis and handling of security vulnerabilities & incidents.

Support Communication:

• Contact person for product management, supply management (e.g. during contract negotiation) for security topics. Support for communication with customer (e.g. security-relevant information and available security updates).
• Represent customer project towards customers security representatives, align with customer's security and risk strategy
• Participate in release of products or solutions from product & solution security standpoint (e.g. at certain milestones or quality gates).
• Collection of product & solution security related lessons learned and feed into in continuous improvement activities (e.g. update of guidelines, reporting to PSSOs, integration in awareness material).

Maintenance & Support (Windfarm Operations & Sales)

• Maintain and support the SCADA Systems in North America
• Periodic checkup, track & coordinate with wind farm /Site operation /customer to do proactive maintenance security systems
• Assist other SCADA team members, Engineering & field personnel in root cause analysis and troubleshooting SCADA and security systems
• Handling, configuration and troubleshooting of the wind farm networks, which includes but is not limited to the wind farm fiber-optic and Ethernet networks, switches, radios (WAN and LAN)
• Prepare & Maintain technical documentation related to SCADA/Cyber security both for internal (SCADA team, Operation) and for external (customers)
• Suggest product strategies and priorities with engineering and sales teams

Customer Support

• Should be able/willing to handle customer calls /support directly
• Review Cyber security necessities /discussions with customer

Installation & Test

• Travel to wind farms as needed to support testing /upgrade of security systems
• Support Deploy cyber security upgrades

Required Knowledge, Education, Experience and Skills :

• Bachelor’s degree in Computer Science, Electrical Engineering, Electronics Engineering, IT security, Certified Information Systems or related field of study mandatory
• Strong Knowledge of NERC CIP Cyber security for power plants, preferably renewables (Wind)
• Must be familiar & worked minimum 5 years with any industrial standard SCADA systems /cyber security projects on SCADA (preferable in power industry)
• Strong working knowledge to various Database – like SQL
• Must be familiar with industrial standards protocols – MODBUS, DNP, IEC, OPC
• Strong networking experience (CCNA certification or equivalent)
• Strong Windows Server knowledge (any Microsoft cert preferable or equivalent)
• Basic knowledge about power systems and regulation standards

Preferred Knowledge, Education, Experience and Skills

• Spanish/Danish multilingual is preferable
• Instrumentation related to SCADA /Control systems
• Understanding of basic wind turbine components and functions
• Programming languages – C ,C++ , C#, JSON, CITECT etc.
• Wind farm/ Energy SCADA experience
• Security Professional (CISSP) and Certified Secure Software Life Cycle Professional (CSSLP) is helpful
• Has successfully worked as manufacturing engineer or security consultant

#Associate

To learn more about Siemens Gamesa, check out these videos:

Empowering our people

[https://www.siemensgamesa.com/sustainability/employees>

How do you imagine the future?

https://youtu.be/12Sm678tjuY

Equal Employment Opportunity Statement

Siemens Gamesa Renewable Energy is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability unrelated to ability, marital status, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, order of protection status, protected veteran or military status, or an unfavorable discharge from military service, and other categories protected by federal, state or local law.

EEO is the Law

Applicants and employees are protected under Federal law from discrimination. To learn more, click here.

Pay Transparency Non-Discrimination Provision

Siemens Gamesa Renewable Energy follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, click here.

California Privacy Notice

California residents have the right to receive additional notices about their personal information. To learn more, click here.

Employee Benefits

To learn more about our benefits, Click here

Siemens Gamesa is an equal opportunity employer and maintains a work environment that is free from discrimination and where employees are treated with dignity and respect. Employment at Siemens Gamesa is based solely on an individual's merit and qualifications, which are directly related to job competence. Siemens Gamesa does not discriminate against any employee or job applicant on the basis of race, ethnicity, nationality, ancestry, genetic information, citizenship, religion, age, gender, gender identity/expression, sexual orientation, pregnancy, marital status, disability or any other characteristic protected by applicable laws, rules or regulations. We adhere to these principles in all aspects of employment, including recruiting, hiring, training, compensation, promotion and benefits.

We are driven by people - from more than 100 different countries, they build the company we are every day. Our diverse and inclusive culture encourages us to think outside the box, speak without fear, and be bold. We value the flexibility that our smart-working arrangements, our digital disconnection framework and our family-friendly practices bring to the new way of working.