Sr Analyst, Cyber Security Analyst - Colorado - City of Fort Collins

 

Job description

The City of Fort Collins Information Technology Department has an outstanding opportunity for an experienced Operational Technology (OT) Cybersecurity Analyst to focus on maintaining, monitoring, and hardening the City’s secure operational networks and devices. This position will report directly to the IT Senior Manager and will work with numerous other technology professionals and customers in the support of the City's operational technology portfolio.

The Operational Technology Cybersecurity Analyst is a subject matter expert responsible to secure Fort Collins’ OT systems and environments and to ensure that OT cyber risk is assessed, managed and reported regularly and consistently. OT systems and environments include electric SCADA, substations, water SCADA, pumping stations, control points, other City OT environments, and the associated networks and communications. This person will be accountable to ensure that OT cybersecurity is managed appropriately according to security best practices and industry standards and frameworks. Your resume and application need to demonstrate that:

  • You understand cybersecurity controls, frameworks, and have experience applying those controls and frameworks to OT systems

  • You can develop long-term strategies for protecting the OT infrastructure

  • You have managed internal and external audits and can assess risk

  • You have monitored systems, logs, and threat-level intelligence

  • You have assisted in incident response and mitigation

  • Responsible for recommending and potentially initiating and managing vulnerability and patching programs for OT systems and environments

  • You stay current with industry advances in technology and cybersecurity

  • You work well with peers and management in a team environment

  • You solve problems

  • You are adept at teaching and mentoring

Because this position will be working on the City’s secure OT systems, you need to demonstrate current technical competencies in:

  • MS Windows applications, including Visio

  • Network hardware such as switches and routers

  • Cybersecurity hardware such as firewalls, IPS/IDS, and SIEM

  • Operational technology systems

  • Security frameworks such as the NIST Cybersecurity Framework, American Water Works Association (AWWA) security controls and industry best practices as recommended by NIST, and American Public Power Association (APPA)

  • Security policies, practices and procedures across all five NIST Cybersecurity Functions: Identify, Protect, Detect, Respond and Recover.

  • Privacy assessment and security controls 

ESSENTIAL DUTIES AND RESPONSIBILITIES

The following duties and responsibilities are illustrative of the primary functions of this position and are not intended to be all inclusive. 

  • Accountable for inventorying OT systems and understanding the current state of cybersecurity controls

  • Responsible for assisting in developing, managing, and implementing the OT cybersecurity roadmap as part of the overall Utilities cybersecurity initiative

  • Accountable for initiating and completing Threat Risk Assessments (TRAs) of current and planned OT systems as part of Systems Development Life Cycle project management and change management

  • Responsible for monitoring OT threat level intelligence and log information

  • Responsible for assisting in OT cyber risk mitigation

  • Responsible for scheduling and performing OT security testing such as vulnerability assessments and social engineering

  • Responsible for recommending and potentially initiating and managing vulnerability and patching programs for OT systems and environments

  • Responsible for hardening OT devices in coordination with the OT teams and IT

  • Responsible for developing and maintaining a cybersecurity risk register and align the cyber risks with the City's enterprise risk management

  • Accountable for reporting of the OT cyber risk posture

  • Accountable for developing OT procedures based on City standards

  • Responsible for guiding and working with IT and other utility staff to implement security patches as applicable

  • Responsible for supporting other functions and departments as applicable (e.g., smart metering, Platte River Power Authority)

  • Responsible for training and assisting technical staff in cybersecurity techniques and applications

  • Responsible for creating reports as applicable

  • Accountable for managing vendors who provide OT cybersecurity technical support

  • Responsible for staying current with industry advances in technology and cybersecurity

QUALIFICATIONS

The requirements listed below are representative of the knowledge, skills, and abilities required to perform the essential functions of this position. 

KNOWLEDGE, SKILLS, AND ABILITIES

  • Proficient in MS Windows applications

  • Knowledge and experience in networking environments and communications

  • Hands-on knowledge and experience in OT and enterprise cybersecurity

  • Hands-on knowledge and experience with firewalls, intrusion detection / protection and Security Information & Event Management (SIEM) systems

  • Knowledge and experience with web technologies

  • Knowledge and experience with security frameworks such as the NIST Cybersecurity Framework, American Water Works Association (AWWA) security controls and industry best practices as recommended by NIST, and American Public Power Association (APPA)

  • Experience in security policies, practices and procedures across all five NIST Cybersecurity Functions: Identify, Protect, Detect, Respond and Recover.

  • Experience in privacy assessment and security controls

  • Ability to communicate effectively orally and in writing, and ability to convey complex technical information in an understandable manner

  • Self-motivated, strong self-initiative

  • Strong team skills with experience in problem solving in IT and OT environments

EDUCATION and/or EXPERIENCE

Bachelor's degree in engineering (electrical, industrial, process control), computer science or related field from an accredited college or university plus five years of related experience; or equivalent combination of education and experience. Security and/or networking certifications, such as from Cisco, CompTIA, or ISC2, or related industry certifications, are desirable.

Previous article Cyber Security Analyst - CO, US - Peraton
Next article Cyber Security Analyst - Sacramento, CA, US - Recology