Maintaining the operational integrity and availability of systems is paramount to the cooperative being able to conduct its business. The Cyber Security Specialist (CSS):
Monitors GSEC systems, networks and data for indicators of abnormal or suspicious activity
Handling of Cyber Security incidents, investigations, and analysis
Produces polices, procedures, and other documentation in support of strategy and audit requirements to include:
NERC CIP Policies
Standard Operating Procedures (SOPs)
Provides real-time response and cybersecurity actions
Produces reports and provides real-time status on open incident, vulnerabilities and cyber posture
The CSS will execute on planned CIP strategies, policies, and documentation efforts and is responsible for managing projects and tasks within their areas of responsibility, developing and coordinating work plans and schedules dependent upon available resources.
The CSS is responsible for:
Implementing mature security process and workflow management for incident identification, triage, response and remediation across GSEC.
Providing cybersecurity training to employees, enhances organizational threat and vulnerability awareness, and provides security help desk support.
Conducting cyber risk assessments and audits of GSEC networks and systems, addressing gaps with GSEC security tools and methods, and deploying or suggesting countermeasures necessary to mitigate threats and vulnerabilities to GSEC IT networks and systems.
Conducts access management audits as per NERC CIP
Regular review of the Security Operations Center (SOC) NERC CIP responsibilities
The CSS is part of a team responsible for maintaining the confidentiality, integrity and availability of GSEC systems, data and services and assists other security team members with their assigned responsibilities as necessary and appropriate.
Performance outcome 1: Audit and Compliance
Ensure that appropriate controls exist, that processing is efficient and accurate, and that information systems procedures are in compliance with regulations and standards including NERC-CIP
Research and understand the direction that the federal government and other regulatory bodies are going, in terms of audit and technical requirements, to ensure future compliance.
Conduct regular cyber security audits for both best practice and NERC CIP requirements
Performance outcome 2: Continuous Monitoring and Vulnerability Identification
Leverage the GSEC suite of tools to Identify, Protect, Detect, Respond, and Recover from cybersecurity incidents.
Monitor the AlienVault, Tenable, Tripwire, and other reports to the SOC each day. Triage these reports and update the IT Security Manager as to any anomalies, incidents, or failures that have taken place which helps satisfy numerous NERC CIP requirements and is part of day-to-day operations in the SOC.
Evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness of continuous monitoring
Regularly assess and inventory the current technology assets to ensure that each are deployed and maintained in accordance with GSEC policies and industry best practices
Performance outcome 3: Training and Awareness
Develop and execute the cyber security awareness program to ensure staff and members across the organization understand the trade-off between risk and return.
Complete and maintain an Audit of NERC CIP Training and Awareness requirements for those who have access to CIP Restricted Information
Assess and create better awareness of the cyber security training areas of improvement within the staff.
Create education opportunities for interested staff to increase their knowledge of cyber security. This includes quarterly cyber security bulletins.
Push for cyber security best practices to be institutionalized within technical and non-technical staff alike.
Educates decision makers on the cyber security risks that a new technology, application, or system introduces to the cooperative.
Provide expertise with regards to the latest trends, attack vectors, and mitigation tools and technologies to ensure proper security controls are in place for access management.
Performance outcome 4: Reporting
Establish security metrics and provide scheduled reports.
Ensure that all SOC Reporting satisfies the NERC CIP requirements
Create after-action-reports following live incidents and exercises
Direct the design, development, editing and dissemination of timely and actionable cybersecurity information to diverse communities and audiences, such as cross-cooperative committees.
Facilitate the rapid and secure exchange, preservation and analysis of cybersecurity information used to identify, respond to, and prevent information system compromises.
Lead an effort to participate in information awareness through incident reporting agencies such as US-CERT, and other critical infrastructure cyber incident reporting organizations.
Performance outcome 5: Policy/Procedure
Development and implementation of policies, plans, and procedures to ensure the reliable, safe and secure operation of information systems and networks in the delivery of all digital services within the Corporate and NERC CIP environments to include:
Security Operations Center (SOC) Concept of Operations
Cyber Security Policy
Patch Management Plan
Visitor Access Control Plan
Physical Security Management Plan.
Information Protection Plan
Reuse and Disposal Plan
Change and Configuration Management Plan
Incident Response Plan
Ports and Services Management Plan
System Access Control Plan
Malicious Code Policy
Electronic Access Plan
Cyber Security Awareness and Training
Access Management documents.
Regular audit assistance ensuring these plans are implemented properly and are compliant with the latest NERC CIP guidance.
Performance outcome 6: Technology
Evaluate and recommends security products, services and/or procedures to enhance productivity and effectiveness.
Regularly assess and inventory the current technology assets to ensure that each are deployed, maintained, and backed up with a security mindset.
Complexity of Problems:
Must have the ability to work both independently or as part of a group with diverse backgrounds, skills, and have strong, positive interpersonal communication ability
Strong time management and organizational skills are essential
Must have the ability to handle multiple tasks and projects while meeting deadlines
Must be able to accurately analyze complex technical issues and provide recommendations that could impact the strategic direction of GSEC.
Internal and External Contacts:
Internal contacts will include participation in teams with employees across multiple departments.
External contacts will include outside consultants, vendors, contractors, and federal assessment teams.
Education, Knowledge, and Experience Required:
Bachelor’s degree in Cyber Security, or a related field
Ten or more years of relevant experience
Certified IT Security professional certificate(s) or relative experience.
Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA) or equivalent
Experience with NERC CIP or other federal audits
Ability to communicate effectively, both in writing and verbally with internal employees, external consultants, and vendors
Experience in law enforcement and/or national security is highly relevant
Knowledge of national and international regulatory compliances and frameworks such as the NIST Cybersecurity Framework, NIST 800-53, ISO, COBIT, and NERC CIP
Professional experience working in a Security Operations Center or as part of a Cyber Incident Response Team (CERT)
Demonstrated ability to develop IT security standards and procedures
Exempt, Overtime may be required.
Preferable location is Amarillo, but location is negotiable
About Golden Spread Electric Cooperative, Inc.
Golden Spread Electric Cooperative, Inc. is a tax-exempt, consumer-owned public utility, organized in 1984 to provide low cost, reliable electric service for its rural distribution cooperative members.
Its 16 Member systems provide service to approximately 282,000 member-consumers located in the Oklahoma Panhandle and an area covering 24 percent of Texas land area including the Panhandle, South Plains and Edwards Plateau Regions.
Golden Spread owns Mustang Station, a 480 megawatt, a gas-fueled, combined cycle generating plant located near Denver City, Texas, as well as Mustang Station Units 4, 5 and 6, two 150 megawatt combustion turbine-generators and one 163 megawatt combustion turbine-generator with inlet chilling located at the Mustang Station site. In 2011 Golden Spread added to its generating fleet Antelope Station, a 168 megawatt generating facility made up of 18 quick start engines located near Abernathy, Texas, and Golden Spread Panhandle Wind Ranch, a 78 megawatt wind facility made up of 34 wind turbines located near Amarillo, Texas. In 2014 and 2015 Golden Spread expanded its generation capacity further by adding 3 GE combustion turbines at Antelope Station, which... was re-branded the Antelope Elk Energy Center with the installation of Elk Units 1, 2, and 3, capable of producing a combined 606 megawatts.