Nov 28, 2022

Industrial Control System Specialist - Entry to Expert Level (MD Location)

  • National Security Agency
  • Fort Meade, MD, USA

Job Description

The National Security Agency (NSA) currently has opportunities for highly motivated Industrial Control System (ICS) Specialists/Engineers to provide expertise in the design, construction, commissioning, and operation of new and renovated electrical infrastructure. This position has two areas of focus, one within Design and Engineering (D&E) and the other with Operations and Maintenance (O&M). As an ICS Specialist/Engineer within D&E, you will work closely with multidisciplinary teams encompassing project managers, stakeholders, and contractors throughout the entirety of the project life-cycle, including close coordination with O&M. You will also be responsible for the development and review of designs, specifications, technical reports, and cost estimates for power monitoring and control of electrical infrastructure, energy management monitoring and control of mechanical infrastructure, and ICS cybersecurity. As an ICS Specialist/Engineer within O&M, you will work closely with ICS Specialists who support many facets of the Industrial Control Systems in the Facilities Control Center (FCC), which is a 24/7 operations center where facilities systems can be effectively monitored and maintained. The ICS team supports power monitoring and control, energy management monitoring and control, the transport network and various Information Technology (IT) and Operational Technology (OT) hardware, components, software, and applications to ensure a robust secure operation of the overall system. As an ICS Specialist/Engineer within Defense Critical Infrastructure, you will work in a team environment to evaluate the cybersecurity of control systems, identify vulnerabilities and threats, develop and implement mitigations in order to meaningfully improve the cybersecurity posture of these systems and reduce risk in DoD customers. You may also analyze and provide context to relevant threat intelligence data and reports in order to defend DoD systems. The range of control systems evaluated include, but are not limited to, the system listed below. Support for Industrial Control Systems require a variety of skills. The successful candidate shall have knowledge/skills in at least one of the following areas and the drive and passion to master many of these functions: - ICS Power Control - Provide support in the area of electrical power control and monitoring systems also known as Supervisory Control and Data Acquisition (SCADA) systems. The candidate should be knowledgeable about or interested in learning about electrical power systems, configuring Schweitzer protective relays, integrating power devices into Real-Time Automation Controllers (RTAC) as well as Programmable Logic Controllers (PLC) programming. Knowledge of the protocols used by these devices, including mirrored bits, Modbus, DNP3, and SNMP, is desired. - ICS Building Automation - Provide support to a variety of technical areas that include HVAC and chilled water distribution systems, coordination of utility outages that impact the ICS and to minimize disruptions to mission systems and support of the ICS installation and oversight of ICS commissioning. Knowledge or interest in learning about the field of building automation and the variety of components used by such systems is preferred. This includes devices such as Direct Digital Controls (DDC), DDC Logic, seniors, and end devices such as, but not limited to Variable Frequency Drives (VFD), dampers, actuators, and valves. - Networking Technologies - The candidate should be knowledgeable about or interested in learning about configuring and troubleshooting Cisco switches and routers. Knowledge of and experience in routing protocols, Port Security, Cisco Identity Services Engine (ISE), Domain Authentication, and VLANs is desired. Additionally, knowledge of best security practices is desired. - Firewalls - The candidate should be knowledgeable about or interested in learning about Cisco firewalls, including Firewall Management Center (FMC) for deployment and management of firewalls. - Information Technology (IT) Management - The candidate should be knowledgeable about or interested in learning about Microsoft Endpoint Configuration Manager (MECM), Microsoft Active Directory (AD), and similar tools used for managing access controls, patch deployments, configuring policies, troubleshooting application issues, and developing/deploying software images. - Network Security - The candidate should be knowledgeable about or interested in learning about multiple topics including, but not limited to, System Information and Event Management (SIEM), including creating anomalies alert dashboards; management of Antivirus (AV) and malware protection; access controls to include Identification, Authentication, Authorization, and Accountability (IAAA), as well as Multifactor Authentication (MFA); cybersecurity framework and policies; Network Discovery and asset management; Network Intrusion Prevention and Detection Systems (IPS/IDS); ICS/SCADA network protocol and vulnerability analysis; ICS/SCADA recovery & mitigation and signature development and implementation; and network penetration testing. A working knowledge of assessment and analytic tools and techniques is a plus. In addition, the candidate shall adapt work methods in response to new information, changing conditions, emergencies or unexpected challenges. Have the ability to articulate viewpoints and answers to customers, peers, and supervisors in an effective manner, both written and orally. Identify and analyze technical issues, report, document, and attend project status briefings. Knowledgeable with calendar scheduling, MS Outlook, MS Word/Excel and office equipment such as copiers, printers and scanners.

NSA is growing by leaps and bounds and is in need of skilled/experienced Facilities and Logistics professionals. One of those needs is for highly motivated Industrial Control System (ICS) Specialists/Engineers to join the Design and Engineering team, Operations and Management team, and Defense Critical Infrastructure Division in order to ensure the proper operation and cybersecurity of NSA's and Department of Defense (DoD) ICS, often from concept to operation.

The qualifications listed are the minimum acceptable to be considered for the position. Degree must be in Systems and Controls or Control and Instrumentation, or related field (e.g., Computer Science, Electrical Engineering, Mechanical Engineering, Network Engineering, Information Technology, Cybersecurity, Computer Security). Relevant experience must be in industrial control systems, or in the operation, maintenance, design, or modification of facilities. ENTRY/DEVELOPMENTAL Entry is with a Bachelor's degree and no experience. An Associate's degree plus 2 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. FULL PERFORMANCE Entry is with a Bachelor's degree plus 3 years of relevant experience, or a Master's degree plus 1 year of relevant experience, or a Doctoral degree and no experience. An Associate's degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. SENIOR Entry is with a Bachelor's degree plus 6 years of relevant experience, or a Master's degree plus 4 years of relevant experience, or a Doctoral degree plus 2 years of relevant experience. An Associate's degree plus 8 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. EXPERT Entry is with a Bachelor's degree plus 9 years of relevant experience, or a Master's degree plus 7 years of relevant experience, or a Doctoral degree plus 5 years of relevant experience. An Associate's degree plus 11 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.

The ideal candidate demonstrates the following: - Problem Solving - Interpersonal Skills - Partnering - Customer Service - Accountability - Continual Learning - Resilience - Effective Communication Knowledge and experience in one or more of the following is desired: - Reliable power distribution design (high voltage, medium voltage, low voltage) - Substation and generators plant relay protection and control systems - Codes and standards (NFPA, IEEE, etc.) - Technical modeling and simulation software packages (AutoCAD, ETAP, SKM, EasyPower, PowerWorld, etc.) - Cost estimating - Commissioning: Factory witness testing, functional performance testing, and integrated system testing - Building Automation System programming control logic - Creating and modifying Building Automation System graphics - Third party integration via BACnet/Modbus protocols - Managing and securing network infrastructure (e.g. port security, certificate management, etc.) - Applying concepts, principles, and methods for network connectivity (e.g. routing, switching, tunneling, and IP addressing) - Configuring, maintaining, and troubleshooting firewalls and access control lists. - Implementing, configuring, and sustaining computer security (e.g. Active Directory, Domain Policies, Patch Deployment, Antivirus, and Allowlisting) - Employing Secure Technical Implementation Guidance (STIG) and government security standards. - Configuring and supporting Schweitzer Real Time Automation Controllers (RTAC) - Evaluating and documenting PLC programs for electrical power control - Creating and modifying graphics and points SCADA systems - Electrical power systems, metering, protection, and control devices - Assisting project teams throughout the project's lifecycle - Configuring firewall rulesets and troubleshooting issues. - Computer network defense and forensic capability awareness and use - Industrial Control Systems network defense experience a plus - Red and Blue team activities - Computer network monitoring and forensic experience

Salary offers are based on candidates' education level and years of experience relevant to the position and also take into account information provided by the hiring manager/organization regarding the work level for the position. On-the job training, Internal NSA courses, and external training will be made available based on the need and experience of the selectee. Salary Range: $74,682 - $176,300 (Entry, Full Performance, Senior, Expert) Work Schedule: This is a full-time position, Monday - Friday, with basic 8 hour/day work requirements between 0600 and 1800 (flexible).