Sr. ICS Security Engineer

If end date is listed, the posting will come down at 12:00 am on that date:

About The Position

The Senior ICS Security Engineer:

• Maintains an understanding of Ameren's threat landscape and works to optimize Ameren's strategies and tool sets used to protect critical infrastructure control systems.
• Maintains an understanding of Ameren's cybersecurity regulations, controls, processes, standards, policies, and procedures; and maintains an understanding of the capabilities and limitations of industrial control systems.
• Collaborates with both operations and IT stakeholders to design and implement Cybersecurity improvements in either the ICS environments or mitigating controls around them. This person will also work to quantify and communicate existing Cyber risks and risk reductions realized through improvements.

Key responsibilities include:

• Provides Cybersecurity guidance and expertise regarding protection of critical infrastructure control systems to cross-functional teams; and assesses impact on other related programs, areas, or processes.
• Collaborates with multiple teams to identify needs and develop cost-effective, secure, and supportable solutions.
• Develops and maintains an understanding of operational facilities' current threat posture and collaborates with other teams to effectively identify and understand emerging threat patterns.
• Monitors threat intelligence communications and assists in developing and implementing response action plans.
• Supports development and implementation of Cyber risk mitigation action plans within and in support of industrial control systems.
• Supports development and enactment of realistic cyber-event exercises for critical infrastructure support teams.
• Supports continuous improvement approach to performance, monitoring, and evidence collection for Cybersecurity controls in various operating areas, and in compliance with appropriate regulatory requirements.
• Supports accurate collection, presentation, and communication of Cybersecurity evidence to regulatory audit teams.
• Executes on threat intelligence programs, reviews patterns and trends, and provides updates/reports to senior team members.
• May be occasionally required to provide on-call support for a 7x24x365 operation.
• Regional travel may be required to Ameren operating facilities, including nuclear energy facilities.

Qualifications

• A Bachelor's degree is preferred, ideally in engineering, mathematics, computer science, or cybersecurity.
• Consideration will be given to candidates with eight or more years of relevant experience in lieu of the degree requirement.
• 4+ years of relevant experience.
• The ideal candidate will have experience with utility-related Cybersecurity regulatory compliance programs (NERC CIP, NRC NEI 08-09, TSA Security Directives, etc.)
• Professional certification (e.g. CISSP, Security+, Network+, OSCP, GIAC, CDH) preferred.

In addition to the above qualifications, the successful candidate will demonstrate:

• Strong analytical skills.
• Strong communication skills
• Strong knowledge of common security tools.

Additional Information

Ameren's selection process includes a series of interviews and may include a leadership assessment process. Specific details will be provided to qualified candidates.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, ethnicity, age, disability, genetic information, military service or status, pregnancy, marital status, sexual orientation, gender identity or expression, or any other class, trait, or status protected by law.