Systems and SCADA Security Engineer
The SCADA team in Siemens Gamesa is responsible for SCADA installation, maintenance, network architecture design and sub-system support as part of the Technology Services team. The SCADA networks are used for controlling, operating and monitoring wind energy power plants. A successful candidate has the ability to work effectively and diligently as an individual engineer and team member in front of both internal and external customers and may be exposed to challenging areas of customer interface and sales strategies. The Systems and SCADA Security Engineer will further enhance the capacity of the team by participating in the design and consultation of security modifications and upgrades with the R&D teams, Sales teams, and External clients for the wind power plant environment including but not limited to: WAN, LAN, DMZ, and ICS environments.
The Systems and SCADA Security Engineer:
Supports and consults internal/external customers in implementing the required (software and hardware) product & solution security
Includes interface to sales for quoting and scope purposes
Supports project teams in conducting security activities during the development process, project management process and / or services.
Can support multiple projects at the same time
Coordinates with the Product & Solution Security Officer at regional and global levels
Synchronize adequately with Information Security organization to ensure that the development, manufacturing and integration of IT-infrastructure is sufficiently secure (e.g. to ensure confidentiality, integrity or availability of source code, binaries and configuration).
Ensures that security is adequately reflected in skills, processes and technologies (tools, platforms) used for service delivery.
Continuously monitors and evaluates the effectiveness of the security measures and supports in incident handling.
Provide regulation definition input to global development programs
Supports the SCADA team manager to build up required competencies for product & solution security within the project team
Coaching of project teams during product & solution development (e.g. creation of requirements specifications, architecture and design, implementations, test cases, user documentation)
Specification and maintenance of configuration and hardening guidelines (e.g. for SGRE products and third-party components and manufacturing equipment).
Reviews documents produced during the development and engineering process (e.g. threat and risk analysis results, requirements specification, architecture and design, test specification, user documentation) regarding product & solution security.
Guide Technological Aspects:
Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC62443, WIB, NERC-CIP) in the project.
Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organization.
Evaluation of third party components regarding product & solution security.
Verifies implementation regarding security requirements (e.g. as part of system test, factory or site acceptance test).
Validates (e.g. friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers (e.g. to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures). This includes recommendation and creation of security testing tools.
Involvement in the analysis and handling of security vulnerabilities & incidents.
Contact person for product management, supply management (e.g. during contract negotiation) for security topics. Support for communication with customer (e.g. security-relevant information and available security updates).
Represent customer project towards customers security representatives, align with customer's security and risk strategy
Participate in release of products or solutions from product & solution security standpoint (e.g. at certain milestones or quality gates).
Collection of product & solution security related lessons learned and feed into in continuous improvement activities (e.g. update of guidelines, reporting to PSSOs, integration in awareness material).
Maintenance & Support (Windfarm Operations & Sales)
Maintain and support the SCADA Systems in North America
Periodic checkup, track & coordinate with wind farm /Site operation /customer to do proactive maintenance security systems
Assist other SCADA team members, Engineering & field personnel in root cause analysis and troubleshooting SCADA and security systems
Handling, configuration and troubleshooting of the wind farm networks, which includes but is not limited to the wind farm fiber-optic and Ethernet networks, switches, radios (WAN and LAN)
Prepare & Maintain technical documentation related to SCADA/Cyber security both for internal (SCADA team, Operation) and for external (customers)
Suggest product strategies and priorities with engineering and sales teams
Should be able/willing to handle customer calls /support directly
Review Cyber security necessities /discussions with customer
Support regulation test with customers
Installation & Test
Travel to wind farms for installation /upgrade of security systems
Conduct /Perform Factory acceptance test & Site acceptance test for security systems and SCADA
Deploy cyber security upgrades
Required Knowledge/Skills, Education, and Experience
Bachelor’s degree in Computer Science, Electrical Engineering, Electronics Engineering, IT security, Certified Information Systems or related field of study mandatory
Strong Knowledge of NERC CIP Cyber security for power plants, preferably renewables (Wind)
Must be familiar & worked minimum 2 years with any industrial standard SCADA systems /cyber security projects on SCADA (preferable in power industry)
Strong working knowledge to various Database – like SQL
Must be familiar with industrial standards protocols – MODBUS, DNP, IEC, OPC
Strong networking experience (CCNA certification or equivalent)
Strong Windows Server knowledge (any Microsoft cert preferable or equivalent)
Basic knowledge about power systems and regulation standards
Preferred Knowledge/Skills, Education, and Experience
Spanish/Danish multilingual is preferable
Instrumentation related to SCADA /Control systems
Understanding of basic wind turbine components and functions
Programming languages – C ,C++ , C#, JSON, CITECT etc.
Wind farm/ Energy SCADA experience
Security Professional (CISSP) and Certified Secure Software Life Cycle Professional (CSSLP) is helpful
Has successfully worked as manufacturing engineer or security consultant
Organization: Siemens Gamesa Renewable Energy
Company: Siemens Gamesa Renewable Energy, Inc.
Experience Level: Mid-level Professional
Job Type: Full-time
Equal Employment Opportunity Statement
Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, protected veteran or military status, and other categories protected by federal, state or local law.
EEO is the Law
Applicants and employees are protected under Federal law from discrimination. To learn more, Click here.
Pay Transparency Non-Discrimination Provision
Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, Click here.
California Privacy Notice
California residents have the right to receive additional notices about their personal information. To learn more, click here.