Salary: $109,595.20 – $140,004.80 annually
Location: Fort Worth, TX
Position Summary:
TRWD manages an extensive floodway system and supplies raw water to over thirty wholesale customers that serve over two million people. The OT/IT Cybersecurity Engineer supports our safe and reliable operations by reducing the cybersecurity risk to our OT and IT environments.
As our OT/IT Cybersecurity Engineer, you will work closely with the SCADA and Information Services teams to operationalize best practices related to cybersecurity, manage vulnerabilities, support cybersecurity audit and compliance activities, and respond to cybersecurity incidents.
Essential Functions and Responsibilities:
The duties listed below are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to this position.
- Vulnerability Management
- Research, prioritize, and coordinate the mitigation of CVEs applicable to TRWD’s OT and IT environments.
- Ensure vulnerability and threat management software such as Claroty, Tenable, and CrowdStrike Falcon are deployed, tuned, and working as expected on all OT/IT endpoints.
- Perform patch management on OT endpoints, fully coordinating any patch related outages with the SCADA team to minimize impact to operations.
- Subscribe to and actively monitor OT and industry specific cybersecurity resources to keep informed of evolving threat scenarios.
- Work with the SOC to ensure SIEM is ingesting all expected log sources and is tuned appropriately.
- Provide awareness training for users with SCADA access on OT threats and vulnerabilities.
- Incident Management
- Create and maintain incident response playbooks and procedures.
- Actively respond to SOC-generated incidents, evaluating scope and managing mitigation activities.
- Coordinate incident reporting and communication activities among internal and external stakeholders.
- Actively participate in cybersecurity color team incident response tabletop exercises.
- Legal and Audit Compliance
- Identify and coordinate compliance activities related to legal, regulatory, and framework requirements related to cybersecurity.
- Enterprise Change and Risk Management
- Produce and maintain security architecture documents establishing the operational, system, and technical views of OT security architecture.
- Contribute to organizational change management planning to operationalize cybersecurity best practices in the OT/IT environments.
- SCADA Project Review
- Assist in reviewing architecture and configuration of new projects to ensure cybersecurity standards are met.
- Advise contractors and SCADA Teams on cybersecurity best practices during projects.
- Periodic cybersecurity compliance reviews of project activities, identifying potential risks and possible remediations.
- Maintain familiarity with strategic District levels of service
- Continuous improvement monitoring and innovation efforts
- Perform other duties as required
Required Experience:
- Five (5) years direct experience working as a cybersecurity professional in OT environments.
- Technical understanding of OT network protocols such as Modbus, OPC, CIP, DNP3, BACnet and Ethernet/IP.
- Strong understanding of cybersecurity frameworks and controls including NIST Cybersecurity Framework (CSF), NIST SP800-53, NIST SP800-82, and CIS
Desired Experience:
- Experience utilizing the MITRE ATT&CK for Industrial Control Systems framework.
- Industry experience with Water & Wastewater or Oil and Gas SCADA operations.
- Experience performing threat modeling and Cyber Risk Quantification (CRQ) assessments using industry standard frameworks.
Required Education/Certification/License:
- Bachelor’s degree in Engineering, Computer Science, or related technical field. Degree requirement can be substituted with an additional three (3) years of direct industry experience.
- Current certification in one of the following or equivalent certifications:
- Certified SCADA Security Architect (CSSA)
- GIAC certifications such as Global Industrial Cyber Security Professional (GICSP), GIAC Critical Infrastructure Protection (GCIP), or GIAC Response and Industrial Defense (GRID)
- Certified Information Systems Security Professional (CISSP)
- Valid Texas driver’s license
- Must pass a Texas DPS/FBI Criminal Justice Information Services (CJIS) criminal history background check and maintain CJIS eligibility
Success Factors/Job Competencies:
- Ability to analyze and operate at various levels of abstraction.
- Self-motivated and constant learner.
- Excellent problem-solving ability and strategic thinking skills
- Strong verbal and written communication: able to speak to all stakeholder levels at the organization, document standards and procedures, articulate priorities.
- Planning – ability to think ahead and plan over five years.
- Ability to influence, mobilize, and lead interdepartmental teams towards a set of objectives and a common vision.
Physical Demands and Work Environment:
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Physical demands: While performing duties of job, employee is occasionally required to stand; walk; sit; use hand to finger, handle, or feel objects, tools, or controls; reach with hands and arms; balance; stoop; talk and hear. Must not be afraid of heights. Must be able to drive necessary distances when required. Employee must occasionally lift and/or move up to 50 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.
- Work environment: While performing the duties of this job, the employee typically resides within an office or cubicle and may have occasional field work that will expose the employee to weather conditions prevalent at the time.
For HR Use Only (POS#335)
