Share this Job

Senior Cyber Security Analyst - Generation Operational and Communication Technology (S. Eastern VA)

Date: Mar 17, 2023

Location: RICHMOND, VA, US, 23219

Company: Dominion Energy

At Dominion Energy we love our jobs.  That’s right.  Love.  Every day we go to work filled with passion to be excellent, to creatively problem solve and to innovate.  These are exciting days for energy companies, and Dominion Energy aims to shape the future of energy in America. We are looking at all of our work with fresh eyes, retooling everything we do, in every part of the company, to operate more sustainably and to deliver energy more reliably than ever.  We are looking for interesting, independent thinkers and doers who can help shape the culture of a forward-looking company that’s proud of its rich legacy. Are you a change agent?  Do you think differently?  Do you want to fall in love with your job? If you answered “yes,” then read on!

At this time, Dominion Energy cannot transfer nor sponsor a work visa for this position.


Job Summary

Dominion Energy’s Power Generation Business Unit seeks a Generation Cyber Security Senior Analyst to support the Power Generation fleet (non-nuclear) with computer, communications, and network security in Operational Technology (OT) Industrial Control System (ICS) environments and ICS Cyber Security environments.

This position will have primary focus for a region of power stations in southeastern Virginia. The selected candidate will initially report to the Thomas F. Farrell II location in Richmond Virginia and later will relocate to a base office in southeastern Virginia.  The support responsibilities include offshore wind and will require GWO certification.

Job Summary & Responsibilities:

The successful candidate will be able to provide the support noted below in accordance with standards, best practices, and regulatory requirements, for the operating units and auxiliaries:

1.    Provide ongoing support for the Industrial Control System (ICS) cyber security systems and program.
2.    Administer and maintain cyber security systems deployed in protection of ICS/DCS/PLC assets, including asset inventory systems, change management, network intrusion detection, file security, anti-virus, whitelisting, SIEM, WSUS, and firewalls.  
3.    Follow policy, procedures, and Power Generation Corporate Cyber Security guidance. 
4.    Provide day to day monitoring, surveillance, and troubleshooting of cyber security systems.  
5.    Actively review, analyze, and investigate logs, events, and alerts for potential security breaches and follow incident response procedures.
6.    Serve as plant lead for cyber security event investigation in coordination with Incident Response Team.
7.    Implement cyber security architectures necessary to maintain the plant cyber security and compliance posture.
8.    Develop station or system specific procedures for review by the corporate Cyber Security and Regulatory personnel.
9.    Execute procedures for system maintenance, surveillance, and reporting.
10.    Deploy cyber security equipment patches and upgrades recommended by the Corporate Cyber Security Lead in accordance with policy and procedures. 
11.    Maintain current knowledge and awareness of cyber security best practices, industry trends, and regulatory requirements.
12.    Review industry guidance for cyber security, identify gaps in cyber security controls and recommend/implement technical or administrative solutions to remediate.  
13.    Review change management records and design change packages for cyber security compliance and impacts.  
14.    Make backups and ensure periodic validation of backups.
15.    Address and resolve ICS-CERT vulnerabilities in coordination with station personnel and Power Generation Regulatory Compliance (PGRC).
16.    Coordinate with Power Generation Corporate Cyber Security and IT for enterprise firewall rule change requests as needed.
17.    Perform physical computer and network switch modifications or replacement.
18.    Ensure system drawings and documentation are revised as needed.
19.    Verify that locally managed projects follow approved cyber security requirements and practices.  
20.    Perform other duties as assigned.

This position will provide paid relocation assistance and will reimburse for interview expenses.  A valid driver's license is required.

Required Knowledge, Skills, Abilities & Experience

1)    At least five years of experience in OT/IT cyber security, system administration, networks, firewalls, and management of Windows operating systems security - or - 7 years of a combination of this experience and ICS experience with a Bachelor’s degree (education & experience equivalency may be accepted).

2)    Must have ‘hands on’ experience/understanding with cyber security processes and technologies including:

•    Experience with security technologies such as network intrusion detection systems, logging and monitoring tools, antivirus tools, whitelisting, malware prevention, incident response tools, asset inventory systems, and security analytics platforms.
•    Incident analysis, root cause analysis, and problem resolution.
•    ICS networks and the differences from business IT systems when applying cyber security controls on OT systems.
•    Workstation and server security and protection.
•    Experience in security aspects of multiple platforms, operating systems, software, communications, and network architecture and topologies.
•    Experience with network devices (network switches, firewalls, routers).
•    OT security principles, technologies, best practices, and NIST ICS guidance.

Other requirements:

1)    Excellent analytical and problem-solving skills.  Ability to successfully work independently and in a team environment to identify errors, pinpoint root causes, and devise solutions with minimal oversight.
2)    Ability to coordinate multi-project assignments and manage deadlines. 
3)    Microsoft/Cisco system administration experience.
4)    Strong leadership and interpersonal skills.
5)    Strong verbal and written communication skills.

Preferred Skills

•    Systems Security Certified Practitioner (SSCP)
•    Certified Information System Security Professional (CISSP)
•    Familiarity with Industrial Control Systems / Programmable Electronic Systems (DCS and PLC) and third party datalink protocols (Modbus, DNP, ABPLC).

Education Requirements

Degree or an equivalent combination of education and demonstrated related experience may be accepted in lieu of preferred level of education; Bachelor of Engineering, Computer Science, or Information Systems.

Licenses, Certifications, or Quals Description

Systems Security Certified Practitioner (SSCP) preferred

Certified Information System Security Professional (CISSP) preferred

Working Conditions

Office Work Environment 76 -100%
Cold Up to 25%
Dust / Grease / Oil Up to 25%
Heat Up to 25%
Loud Noise Up to 25%
Operating Machinery Up to 25%
Travel 51-75%

Other Working Conditions

Test Description

No Testing Required


Export Control

Certain positions at Dominion Energy may involve access to information and technology subject to export controls under U.S. law.  Compliance with these export controls may result in Dominion Energy limiting its consideration of certain applicants.


Other Information

We offer excellent plans and programs for employees. Employees are rewarded with a competitive salary and comprehensive benefits package which may include: health benefits with coverage for families and domestic partners, vacation, retirement plans, paid holidays, tuition reimbursement, and much more.   To learn more about our benefits, click here

Dominion Energy is an equal opportunity employer and is committed to a diverse workforce. Qualified applicants will receive consideration for employment without regard to their protected veteran or disabled status.  

You can experience the excitement of our company – it's the difference between taking a job and starting a career.

Nearest Major Market: Richmond

Job Segment: Offshore Oil, Testing, Nuclear Engineering, Computer Science, Cisco, Energy, Technology, Engineering