• Job Description

  Req#: 4962028

  Seattle City Light, a department of the City of Seattle, is one of the nation’s largest municipally owned utilities in terms of the number of customers served. Over the years we have worked very hard to keep Seattle's electricity affordable, reliable, and environmentally sound. Today, City Light is a recognized national leader in energy efficiency and environmental stewardship.

  The Senior OT Cyber Security Specialist works within the Seattle City Light Enterprise Cyber Security Program, supporting governance processes, risk frameworks, standards of practice, security controls design and development, and other proactive risk management activities. A primary function will be performing risk assessments, addressing risk mitigations, and leading efforts to improve cyber security practices in the utility.

  This role will support current and emerging Utility and Operational Technologies, including development and maintenance of policies and technical standards to ensure our Grid Modernization initiatives, power grid technologies, and supporting systems meet cyber security objectives and regulatory requirements. In addition, this role may support cyber security incident detection and response activities and will work with cyber security systems and toolsets.

  This position works with various groups within the utility, as well as with the City’s IT department to monitor and manage risk for the utility’s critical information and operational technologies - helping to enable Seattle City Light’s vision of delivering clean, reliable, and affordable power.

  This position will report to the City Light Cyber Risk Manager

  Here is more about what you’ll be doing:

  
  

  • Directly conduct or support third-party conduct of cyber risk assessments. Risk assessments may include OT/SCADA environments, IT/OT convergence areas, Grid Modernization technology, and various other existing and emerging technologies. Assess and provide subject-matter expertise and guidance on cybersecurity risk for technology projects and change requests.

  
  

  • Support the utility cyber security objectives, to include compliance, safety, reliability, and business continuity/disaster recovery initiatives. This includes leading/participating in various security enhancement projects to improve cyber security controls, and ensuring operational technology practices comply with organizational policies, industry best practices, and NERC-CIP regulatory requirements.

  
  

  • Support development of policies, guidelines, and standards to ensure the safety, reliability, availability, confidentiality, and integrity of a wide range of operational technologies to include SCADA systems, HMIs, RTUs, various IEDs, internal and perimeter communications, and other applicable devices or supporting services.
    
  • Support development and maintenance of the utility’s cyber security governance processes, policies, and standards of practice, in coordination with City Light and Seattle IT stakeholders.

  
  

  • Maintain the risk framework and metrics used to monitor and report on risks, maturity, and progress of the cyber security program in order to identify high priority goals and support roadmap development.

  
  

  • Support the vulnerability management program, to include developing policies and procedures for assessing systems for vulnerabilities, advising system owners on remediation strategies, and leveraging penetration testing where appropriate to validate controls and presumed security levels.

  
  

  • Support cyber security threat management activities, to include gathering, analyzing, and assessing the current and future threat landscape; understanding threats to City Light infrastructure and operational missions; and developing and sharing threat intelligence through collaborative efforts to include coordination with DHS, US-CERT, MS-ISAC, E-ISAC, WSFC, FBI, SPD, and other threat sharing vectors. Develop threat summary reports and provide appropriate communications to leadership and operations staff.

  
  

  • Support cyber security training and awareness efforts to include developing security awareness materials, supporting role based cyber security training for technical staff, and developing cyber security exercises.
    
  • Design, configure, implement, and operate cyber security operational capabilities, and develop procedures for security threat monitoring, such as with intrusion detection/prevention (IDS/IPS), netflow, pcap, SIEM, and other security tools.

  
  

  • Support operational technology staff to identify malware or malicious activity and investigate/troubleshoot to root source. Lead and/or support incident response activities to minimize risk of compromised systems without impeding real time power grid operations.

  
  

  • Collaborate with Seattle IT Digital Security and Risk team to develop cross-department incident management protocols and to respond to incidents impacting City Light IT/OT environments.

  
  

  • Keep abreast of technological advancements and operational technology cyber security best practices for the electric power grid. Maintain subject matter expertise and represent City Light through various collaborative efforts, such as industry partnerships and participating in cyber security conferences, workshops, and information sharing.
    
    
  • Additional duties as assigned.

  Required Qualifications:

  In addition to the skills and experience mentioned below, a successful applicant will have experience that reflects a commitment to creating fair and equitable outcomes and has:

  Education:

  Bachelor's degree in Cyber Security, Computer Science, Technology Management, SCADA/Communications Engineering, or a closely related field, or an equivalent combination of education, training, and experience.

  Experience:

  Five years of progressively responsible experience in threat management, information assurance, security operations, systems engineering, security policy development/administration, and/or security tool administration and use, preferably in an electric utility environment.

  • Excellent analytical ability, problem-solving, and collaboration skills.
  • Excellent verbal, written, and presentation communication skills.
  • Relevant professional certification, such as CISA, CISM, CISSP, CRISC, CGEIT, CIPP, and/or CIPP/IT.
  • Strong understanding of technology trends, risks, and cyber security best practices.
  • Knowledge of defense-in-depth principles and security architecture.

  Desired Qualifications - You will be successful if you have the following experience, skills, and abilities:

  • Understanding of Power Grid Operational Technologies.
  • Ability to plan, manage, and execute multiple tasks and projects within defined timelines.
  • Experience using GRC/IRM tools for cybersecurity processes
  • Experience with NERC-CIP cyber security requirements and compliance.
  • Background in common information and operational technologies applied in Utilities.
  • Ability to work in fast-paced government technology environment; to work as a productive member of a professional team, as well as initiative to be a self-starter; ability to work under pressure, multi-task, and rapidly change priorities.

  Please note this job advertisement is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

  The full salary range for this position is $60.10 to $90.16 per hour.

  Application Process

  Please submit the following with your online application:

  • A cover letter in which you clearly describe how your knowledge, experience, skills, and abilities prepare you for the job responsibilities and qualifications outlined in the job announcement
  • A current resume of your educational and professional work experience.

  *Incomplete applications will not be considered.*

  Who May Apply: This position is open to all candidates that meet the qualifications. Seattle City Light values diverse perspectives and life experiences. Applicants will be considered regardless of race, color, creed, national origin, ancestry, sex, marital status, disability, religious or political affiliation, age, sexual orientation, or gender identity. Seattle City Light encourages people of all backgrounds to apply, including people of color, immigrants, refugees, women, LGBTQIA+, people with disabilities, veterans, and those with diverse life experiences.

  Job offers are contingent on the verification of credentials and other information required by the employment process, including the completion of a background check. The background check will involve a criminal history check, which includes conviction and arrest records in compliance with the Seattle’s Fair Chance Employment Ordinance, SMC 14.17and the City of Seattle Personnel Rule 10.3. A driving history review may be conducted in compliance with SMC 4.79.020.Applicants will be provided an opportunity to explain or correct background information.

  The City of Seattle offers a comprehensive benefits package including vacation, holiday, and sick leave as well as medical, dental, vision, life and long-term disability insurance for employees and their dependents. More information about employee benefits is available on the City's website at: https://www.seattle.gov/human-resources/benefits/employees-and-covered-family-members/most-employees-plans.

  Want to know more about Seattle City Light? Check out our web page: https://www.seattle.gov/city-light/about-us/careers.

• About the company

  The Seattle City Attorney is a non-partisan elected official in Seattle, Washington whose job is to "prosecute people for misdemeanor offenses, defend the city against lawsuits and gives legal advice to the city".

Notice