Share this Job

Senior Cyber Security Analyst (ICS Penetration Testing)

Date: Oct 29, 2020

Location: RICHMOND, VA, US, 23219

Company: Dominion Energy

At Dominion Energy we love our jobs.  That’s right.  Love.  Every day we go to work filled with passion to be excellent, to creatively problem solve and to innovate.  These are exciting days for energy companies, and Dominion Energy aims to shape the future of energy in America. We are looking at all of our work with fresh eyes, retooling everything we do, in every part of the company, to operate more sustainably and to deliver energy more reliably than ever.  We are looking for interesting, independent thinkers and doers who can help shape the culture of a forward-looking company that’s proud of its rich legacy. Are you a change agent?  Do you think differently?  Do you want to fall in love with your job? If you answered “yes,” then read on!

At this time, Dominion Energy cannot transfer nor sponsor a work visa for this position.

This position does not offer relocation assistance. 

Job Summary

This is not your typical cyber role.  We’re looking for someone who can outsmart the best cyber criminals and nation state attackers in the world. Here are the details:
 

This role performs more complex cyber security activities, working closely with critical infrastructure business area partners to enhance and validate the cyber security posture of Industrial Control System (ICS) environments through the assessment of vulnerabilities, validation of monitoring and detection capabilities, and the development of recommendations.
 

Performs reconnaissance and research activities to determine internally and externally available information that can be used to facilitate unauthorized access to ICS environments. Performs product and technology research to understand application and network topologies, communication requirements, documented and undisclosed susceptibilities, and potential exploit mechanisms.
 

Utilizes a variety of software and hardware tools and techniques to discover available information, access paths into environments, evaluate the effectiveness of security controls and defenses, and determine optimum defenses against such activities. 
 

Works closely with the Cyber Security Operations Center (CSOC) to facilitate the creation of use cases to detect adversarial and reconnaissance activities and enhance monitoring capabilities.
 

Provides written summaries of findings and documents recommended actions in both executive summaries as well as detailed technical reports for system owners and operators.
 

Applies considerable understanding of IT technologies, evaluation of cyber security risks and attack vectors, and develops an evolving knowledge of mitigation options to assess the current threat landscape and improve ICS environment security. Consults with ICS subject matter experts and business representatives to provide input on cyber security decisions, the establishment of cyber security policies, and to foster security awareness.
 

Perform other duties as requested or assigned. 23261

23261

Required Knowledge, Skills, Abilities & Experience

Must possess at minimum of 5-7 years of work experience in cyber security, and/or extensive operational experience deploying and managing technologies and performing system hardening to protect environments from cyber threats. (Note:  A Master's degree will count as one year towards the experience requirement.  A partial year of six months or more will be rounded up to one year)
 

Specific knowledge, skills, abilities and experience include:
 

  • Demonstrated working knowledge in the identification, gathering and analysis of information, threats, etc. to investigate and mitigate security risks desirable but not required. Considerable knowledge of cyber security best practices and frameworks (ex. NIST 800-82, ANSI/ISA-62443-1-1, CIS 20, NIST Cyber Security Framework, NIST 800-53, etc.) and security controls.
  • Previous experience performing red team or other vulnerability assessment activities highly desirable.
  • Working knowledge of ICS cyber security standards or general ICS knowledge desirable. Demonstrated organization and planning skills, including time management, project coordination, and project management. Demonstrates excellent analytical, troubleshooting, and problem-solving skills, with a questioning attitude.
  • Demonstrated competency in verbal and written communication, with good presentation skills. An in-depth experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols is strongly desired.
  • Highly motivated, with the ability to work effectively under minimal supervision in a fast-paced environment. Excellent analytical, troubleshooting, organizational, and problem-solving skills, to include time management, project coordination, and project management. Must be team-oriented, placing priority on quality and the successful completion of team goals.
  • Demonstrated competency in developing effective solutions to business problems, with the ability to understand customer’s business needs, analyze problems and make decisions. Demonstrated leadership of work teams or groups, with the ability to work with all levels of employees. Ability to handle multiple deadlines and associated pressures, is a self-starter, and to work independently.


Note:  This position requires in office work.  You must be willing to report to Dominion Energy's corporate headquarters in Richmond, Virginia.


Travel:  15-25%, including some overnight travel.


Note:  The Company is actively seeking United States military veterans and service members who meet the qualifications outlined below.

  • Military service members and veterans with ranks from E5-E9, W1-CW5, or O3-O6, plus appropriate equivalent combination of education and years of experience as outlined above.
Education Requirements

Education Level:  Degree or an equivalent combination of education and demonstrated related experience may be accepted in lieu of preferred level of education: Bachelor
 

Preferred Disciplines: Information System Security, Computer Science; Engineering; Information Systems
 

Other disciplines may be substituted for the preferred discipline(s) listed above.

Licenses, Certifications, or Quals Description

Security-related industry certifications desired (CISSP, GIAC, EC-Council, etc.)

Working Conditions
Office Work Environment 76 -100%
Travel Up to 25%
Other Working Conditions
Test Description

No Testing Required

 

Export Control


Certain positions at Dominion Energy may involve access to information and technology subject to export controls under U.S. law.  Compliance with these export controls may result in Dominion Energy limiting its consideration of certain applicants.

 

Other Information


We offer excellent plans and programs for employees. Employees are rewarded with a competitive salary and comprehensive benefits package which may include: health benefits with coverage for families and domestic partners, vacation, retirement plans, paid holidays, tuition reimbursement, and much more.   To learn more about our benefits, click here dombenefits.com.

Dominion Energy is an equal opportunity employer and is committed to a diverse workforce. Qualified applicants will receive consideration for employment without regard to their protected veteran or disabled status.  

You can experience the excitement of our company – it's the difference between taking a job and starting a career.


Nearest Major Market: Richmond

Job Segment: Information Systems, Computer Science, Testing, Project Manager, Technology, Research