Principal Systems Cyber Security Engineer - OT
$135,900 - $151,000/Yr
Constellation Energy - Baltimore, MD
posted 24 days ago
Full-time - Principal
Baltimore, MD
Utilities
About the position
The Principal Systems Cyber Security Engineer - OT at Constellation is responsible for leading the security engineering design and implementation of Industrial Control Systems (ICS) within the power generation environment. This role serves as a liaison among various teams, ensuring effective communication and collaboration to enhance ICS security. The engineer will participate in industry forums, guide documentation development, and maintain compliance with regulatory requirements while mentoring IT personnel and promoting a diverse and inclusive workplace.
Responsibilities
- Develop Industrial Control System design specifications in collaboration with Operational Technology and Information Technology teams.
- Verify security design specifications for Industrial Control System assets using a risk-based approach aligned with Constellation's Cyber Security objectives.
- Understand Constellation's computing environment and the necessary security technologies and architectures.
- Review regulatory roadmaps and evaluate new controls for compliance strategies.
- Maintain a map of regulatory and internal requirements to identify gaps and create improvement projects.
- Support regulatory audits and provide coaching/mentorship for IT personnel.
- Promote diversity, equity, and inclusion within the team.
Requirements
- Bachelor's Degree in Computer Science, Information Technology, or a related discipline.
- 8 to 10 years of experience in Cyber Security Engineering and/or Architecture.
- Demonstrated analytical skills and technical knowledge in cyber and information security principles.
- Experience with enterprise and Industrial Control System specific security solutions.
- Knowledge of network services and protocols, incident categories, and responses.
- Experience in project support, planning, maintenance, and operations.
- Knowledge of intrusion detection methodologies and network attack types.
- Basic system administration and network hardening techniques.
- Understanding of network security architecture concepts and the OSI model.
Nice-to-haves
- Graduate degree in cyber security or related area.
- Skill in using security event correlation tools.
- Knowledge of cyber defense policies and regulations.
- Certifications such as GIAC GICSP, GIAC GRID, CISSP, or SSCP.
- Familiarity with NERC CIP, CMMC, NRC, and other compliance frameworks.
Benefits
- Competitive compensation and benefits package.
- Bonus program and 401(k) with company match.
- Employee stock purchase program.
- Comprehensive medical, dental, and vision benefits.
- Robust wellness program.
- Paid time off for vacation, holidays, and sick days.
