ICS - Principal Field Service Engineer

Your Role and Responsibilities:

• Secure Operations Management: Enforce company policies and practices to ensure that all products and systems are compliant with cybersecurity standards. This is a hands-on role that actively participates in security operations. 

• Security Risk Assessment: Provide input for security risk assessments and compliance audits, identifying potential information and network security vulnerabilities. 

• Operational Incident Handling: Manage the detection, response, mitigation, and reporting of incidents within the environment. This role is responsible for hands-on incident resolution and actively participating in the incident response process. 

• Vulnerability Management: Participate in the IT vulnerability management program by classifying vulnerabilities, providing remediation guidance, and working with the team to prioritize and address vulnerabilities. 

• Compliance and Policy Enforcement: Ensure compliance with relevant cybersecurity compliance regulations. Execute company policies to maintain compliance. 

• Documentation: Document standard operating procedures and guidelines. Develop, maintain, and publish standards to mitigate risk and influence user behaviors. Assist in reviewing and documenting exceptions to security standards. 

• Security Technology Evaluation: Investigate and recommend security technologies and solutions to support secure development functions. 

• Technical Guidance: Provide technical guidance and consultation related to information security issues. This is a hands-on role that actively contributes to the resolution of security challenges. 

• Process Performance: Actively participate in security processes and procedures, ensuring their effectiveness and efficiency. 

• Weekly Meetings: Be an active member of secure development meetings, providing updates, insights, and participating in the decision-making process. 

• Travel up to 85%, typically when deploying systems to the field for installation and commissioning 

• Maintain in-depth knowledge of Westinghouse deployed solutions for cyber security and distributed control and information systems. 

• Professional interaction with WEC Customers. 

Required Technical and Professional Expertise:

• Bachelor's degree in a relevant field or associate’s degree and equivalent experience, coupled with high proficiency operating in Enterprise OT Security. 

• Proven experience in cybersecurity operations, risk assessment, and incident management, along with demonstrated supervisory experience. 

• Strong knowledge of cybersecurity best practices, compliance regulations, and industry standards. 

• Hands-on experience with security tools and technologies. 

• Excellent communication and teamwork skills. 

• Relevant certifications (e.g., CISSP, CISM, CompTIA Security+) are a plus. 

• Minimum 5+ Years of installation and troubleshooting experience in Operational Technology / Information Technology with 5* Years experience leading a large-scale cyber security program. typically, 10+ 

• Ability to be granted 10 CFR 73.56 Trustworthy and Reliability Clearance for US Nuclear Plant Entry 

• Professional certifications, such as CISSP, GIAC (GSTRT, GLEG, GSLC, GPEN), OSCP, or other applicable technical certifications showing area of expertise from qualified and reputable vendors and certification agencies. 

• Experience with interpreting Security Control & Program Frameworks such as NIST 800-53, NIST 800-82r2, 20 Critical controls, ISO 27001 & 27002, NEI-08-09, NEI 13-10 into Cybersecurity Program, Policy & Procedures. 

• Excellent team leadership, technical teamwork, written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences. 

• Strong risk analysis, risk management and proven experience in reducing risk to the organization. 

Preferred Technical and Professional Expertise:

• Familiarity with modern enterprise security practices both on-premises and Cloud. 

• Demonstrated internal team collaboration and external vendor management. 

• Demonstrated experience with VMWare and ESXi. 

• Familiarity with Rapid7 Vulnerability Management tools. 

• Familiarity with current and legacy Windows and Linux operating systems. 

• Demonstrated experience with Security Audit Assessments