More than a career - a chance to make a difference in people's lives.
Build an exciting, rewarding career with us help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.
This position can be located anywhere within the Florida regional footprint
This position is responsible for providing development, support, to the on-going strategy of the NERC CIP010 r4 program to meet regulatory and corporate requirements. Consults with other business groups on Transit Cyber Asset (TCA) to help meet IT503 requirements and future strategies. Provides solutioning and support for TCA's in regard to hardware, software, infrastructure planning, consultation, technical advice, functional advice, and direction in support of assigned business group strategies. Works directly with vendors of relay field applications to detect and mitigate field application vulnerabilities following the timeline lines provided operational documentation. Serves as an interface between CMV, support groups, corporate IT, CPM and application vendors to ensure appropriate communication and problem resolution.
Incident analysis, root cause analysis and problem resolution experience
Working knowledge of network architecture and firewall security
Must be able to effectively communicate with or testify before regulatory agencies
Strong communication and presentation skills with demonstrated ability to communicate with varying audiences
Ability to support, trouble shoot field application, laptops, and accessories
Has the ability to manage confidential information with a high degree of integrity
Demonstrates good listening skills and puts forth the effort to understand others points of view
Ability to operate within fast paced and stressful environments
Ability to operate with team environment and good relationships to achieve expected results
Broad knowledge of the application of IT cybersecurity practices
Broad knowledge of installing and maintaining Transmission field applications and associated hardware
Responsibilities for CMV include:
For TCA's Ensure a strong cyber security posture that is CIP compliant across the enterprise
Manage compliance of Transit Cyber Devices which includes patching vulnerabilities, scanning for malware, approving and whitelisting applications.
Participate in the development and implementation NERC compliance by providing process expertise to the enterprise on CIP10 r4 policy/programs/processes/procedures
Leads and facilitate cause investigations for CIP010 r4, including extent of condition
Manages business area Active Directory groups for TCA authorized users.
Troubleshoots hardware and software issues for TCAs in the field and engage IT organization to address as needed
Participates in the evaluation of new applications and the identification of system requirements for planning purposes.
Monitors vendors (SEL, ABB, GE, Windows etc.) or identified sources (DHS, NCICC, ES-ISAC, SANS) for security vulnerabilities for business area applications on established frequencies (weekly/monthly).
Facilitates assessments of software updates or security patches for implementation on TCAs within established timeframes. Creates project trackers to ensure compliance evidence is maintained for security patching.
Development of CIP Elearning Operational Tutorials
Generates reports and compliance evidence using available tools (system management, configuration management, hardening and whitelisting applications, or future tools as available)
Relay Application Management
Supports hardware for field operations of TCA Laptops
Laptop/TCA Patch management
Laptop/TCA Application Upgrades
Laptop/TCA New Applications
Works directly with vendors on version notification and patching
Assist Lead CIP Compliance Analyst on test parameters collection and storage
Deployment of applications, upgrades (versioning), patches
Interfaces with IT Manages relay bundles
Manages Active directory for access to relay bundles
Have administrative rights to add and manipulate applications on TCA's.
Manages TCA whitelist for region(s)
Supports hardware for field operations of TCA Laptops
Mangers Tripwire for region and investigates anomalies
Manages active directory list for TCA's
Serves as region administrator for the TCA Harding Application
Monitors IP connections
Adds and removes laptops from application
Provide reporting to regional CIP Lead
Champions TCA compliance and service as region support and trainer
Service as liaison with CyOps
Supports CIP010 r4 CIP Lead
Operation Systems and Removable Media
Works with CyOps on patching vulnerabilities associated with Operating systems
Works with CIP Leads and to test and validate operability all Relay applications when new operating systems and associated images are released
Monitors the use of RM an helps shape direction to remove the use and need for RM
Works with IT on approved RM list and existing exceptions
Supports Region CIP Leads on CIP010 r4 and any other standards which can impact TCA's.
Relocation Assistance Provided (as applicable)Yes
Visa Sponsored PositionNo
Posting Expiration Date
Tuesday, March 26, 2019
All job postings expire at 12:01 AM on the posting expiration date.
Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.
Duke Energy Corporation