Systems and SCADA Security Engineer
Business Unit: Wind Power and Renewables
Requisition Number: 235999
Primary Location: United States-Florida-Orlando
Assignment Category: Full-time regular
Experience Level: Senior level
Education Required Level: Bachelor's Degree
Travel Required: 15%
About Siemens Gamesa Renewable EnergyWith a worldwide installed capacity of 75 GW, Siemens Gamesa Renewable Energy has a presence in more than 90 countries and a team of 27,000 employees worldwide. Its end-to-end value chain presence encompasses onshore and offshores wind turbines design, manufacturing, installation as well as cutting-edge service solutions. The global headquarters and legal domicile of the company is located in Zamudio, Spain. The company is listed on the Spanish stock exchange.
Systems and SCADA Security Engineer
The SCADA team in Siemens Gamesa is responsible for SCADA installation, maintenance, network architecture design and sub-system support as part of the Technology Services team. The SCADA networks are used for controlling, operating and monitoring wind energy power plants. A successful candidate has the ability to work effectively and diligently as an individual engineer and team member in front of both internal and external customers and may be exposed to challenging areas of customer interface and sales strategies. The Systems and SCADA Security Engineer will further enhance the capacity of the team by participating in the design and consultation of security modifications and upgrades with the R&D teams, Sales teams, and External clients for the wind power plant environment including but not limited to: WAN, LAN, DMZ, and ICS environments.
The Systems and SCADA Security Engineer:
· Supports and consults internal/external customers in implementing the required (software and hardware) product & solution security
- Includes interface to sales for quoting and scope purposes
· Supports project teams in conducting security activities during the development process, project management process and / or services.
· Can support multiple projects at the same time
· Coordinates with the Product & Solution Security Officer at regional and global levels
- Synchronize adequately with Information Security organization to ensure that the development, manufacturing and integration of IT-infrastructure is sufficiently secure (e.g. to ensure confidentiality, integrity or availability of source code, binaries and configuration).
· Ensures that security is adequately reflected in skills, processes and technologies (tools, platforms) used for service delivery.
· Continuously monitors and evaluates the effectiveness of the security measures and supports in incident handling.
· Provide regulation definition input to global development programs
· Supports the SCADA team manager to build up required competencies for product & solution security within the project team
· Coaching of project teams during product & solution development (e.g. creation of requirements specifications, architecture and design, implementations, test cases, user documentation)
· Specification and maintenance of configuration and hardening guidelines (e.g. for SGRE products and third-party components and manufacturing equipment).
· Reviews documents produced during the development and engineering process (e.g. threat and risk analysis results, requirements specification, architecture and design, test specification, user documentation) regarding product & solution security.
· Guide Technological Aspects:
- Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC62443, WIB, NERC-CIP) in the project.
- Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organization.
- Evaluation of third party components regarding product & solution security.
· Verifies implementation regarding security requirements (e.g. as part of system test, factory or site acceptance test).
· Involvement in the analysis and handling of security vulnerabilities & incidents.
· Contact person for product management, supply management (e.g. during contract negotiation) for security topics. Support for communication with customer (e.g. security-relevant information and available security updates).
· Represent customer project towards customers security representatives, align with customer's security and risk strategy
· Participate in release of products or solutions from product & solution security standpoint (e.g. at certain milestones or quality gates).
· Collection of product & solution security related lessons learned and feed into in continuous improvement activities (e.g. update of guidelines, reporting to PSSOs, integration in awareness material).
Maintenance & Support (Windfarm Operations & Sales)
· Maintain and support the SCADA Systems in North America
· Periodic checkup, track & coordinate with wind farm /Site operation /customer to do proactive maintenance security systems
· Assist other SCADA team members, Engineering & field personnel in root cause analysis and troubleshooting SCADA and security systems
· Handling, configuration and troubleshooting of the wind farm networks, which includes but is not limited to the wind farm fiber-optic and Ethernet networks, switches, radios (WAN and LAN)
· Prepare & Maintain technical documentation related to SCADA/Cyber security both for internal (SCADA team, Operation) and for external (customers)
· Suggest product strategies and priorities with engineering and sales teams
· Should be able/willing to handle customer calls /support directly
· Review Cyber security necessities /discussions with customer
· Support regulation test with customers
Installation & Test
· Travel to wind farms for installation /upgrade of security systems
· Conduct /Perform Factory acceptance test & Site acceptance test for security systems and SCADA
· Deploy cyber security upgrades
Required Knowledge/Skills, Education, and Experience
Bachelor’s degree in Computer Science, Electrical Engineering, Electronics Engineering, IT security, Certified Information Systems or related field of study mandatory
· Strong Knowledge of NERC CIP Cyber security for power plants, preferably renewables (Wind)
· Must be familiar & worked minimum 2 years with any industrial standard SCADA systems /cyber security projects on SCADA (preferable in power industry)
· Strong working knowledge to various Database – like SQL
· Must be familiar with industrial standards protocols – MODBUS, DNP, IEC, OPC
· Strong networking experience (CCNA certification or equivalent)
· Strong Windows Server knowledge (any Microsoft cert preferable or equivalent)
· Basic knowledge about power systems and regulation standards
Qualified Applicants must be legally authorized for employment in the Unites States. Qualified Applicants will not require employer sponsored work authorization now or in the future for employment in the United States.
Preferred Knowledge/Skills, Education, and Experience
· Spanish/Danish multilingual is preferable
· Instrumentation related to SCADA /Control systems
· Understanding of basic wind turbine components and functions
· Programming languages – C ,C++ , C#, JSON, CITECT etc.
· Wind farm/ Energy SCADA experience
· Security+, Network+ certifications
· Has successfully worked as manufacturing engineer or security consultant