Industrial Control System Specialist - Entry to Expert Level (MD Location)

National Security Agency   Fort Meade, MD   Full-time     Engineering
Posted on November 18, 2022
Apply Now
The National Security Agency (NSA) currently has opportunities for highly motivated Industrial Control System (ICS) Specialists/Engineers to provide expertise in the design, construction, commissioning, and operation of new and renovated electrical infrastructure. This position has two areas of focus, one within Design and Engineering (D&E) and the other with Operations and Maintenance (O&M). As an ICS Specialist/Engineer within D&E, you will work closely with multidisciplinary teams encompassing project managers, stakeholders, and contractors throughout the entirety of the project life-cycle, including close coordination with O&M. You will also be responsible for the development and review of designs, specifications, technical reports, and cost estimates for power monitoring and control of electrical infrastructure, energy management monitoring and control of mechanical infrastructure, and ICS cybersecurity. As an ICS Specialist/Engineer within O&M, you will work closely with ICS Specialists who support many facets of the Industrial Control Systems in the Facilities Control Center (FCC), which is a 24/7 operations center where facilities systems can be effectively monitored and maintained. The ICS team supports power monitoring and control, energy management monitoring and control, the transport network and various Information Technology (IT) and Operational Technology (OT) hardware, components, software, and applications to ensure a robust secure operation of the overall system. As an ICS Specialist/Engineer within Defense Critical Infrastructure, you will work in a team environment to evaluate the cybersecurity of control systems, identify vulnerabilities and threats, develop and implement mitigations in order to meaningfully improve the cybersecurity posture of these systems and reduce risk in DoD customers. You may also analyze and provide context to relevant threat intelligence data and reports in order to defend DoD systems. The range of control systems evaluated include, but are not limited to, the system listed below. Support for Industrial Control Systems require a variety of skills. The successful candidate shall have knowledge/skills in at least one of the following areas and the drive and passion to master many of these functions: - ICS Power Control - Provide support in the area of electrical power control and monitoring systems also known as Supervisory Control and Data Acquisition (SCADA) systems. The candidate should be knowledgeable about or interested in learning about electrical power systems, configuring Schweitzer protective relays, integrating power devices into Real-Time Automation Controllers (RTAC) as well as Programmable Logic Controllers (PLC) programming. Knowledge of the protocols used by these devices, including mirrored bits, Modbus, DNP3, and SNMP, is desired. - ICS Building Automation - Provide support to a variety of technical areas that include HVAC and chilled water distribution systems, coordination of utility outages that impact the ICS and to minimize disruptions to mission systems and support of the ICS installation and oversight of ICS commissioning. Knowledge or interest in learning about the field of building automation and the variety of components used by such systems is preferred. This includes devices such as Direct Digital Controls (DDC), DDC Logic, seniors, and end devices such as, but not limited to Variable Frequency Drives (VFD), dampers, actuators, and valves. - Networking Technologies - The candidate should be knowledgeable about or interested in learning about configuring and troubleshooting Cisco switches and routers. Knowledge of and experience in routing protocols, Port Security, Cisco Identity Services Engine (ISE), Domain Authentication, and VLANs is desired. Additionally, knowledge of best security practices is desired. - Firewalls - The candidate should be knowledgeable about or interested in learning about Cisco firewalls, including Firewall Management Center (FMC) for deployment and management of firewalls. - Information Technology (IT) Management - The candidate should be knowledgeable about or interested in learning about Microsoft Endpoint Configuration Manager (MECM), Microsoft Active Directory (AD), and similar tools used for managing access controls, patch deployments, configuring policies, troubleshooting application issues, and developing/deploying software images. - Network Security - The candidate should be knowledgeable about or interested in learning about multiple topics including, but not limited to, System Information and Event Management (SIEM), including creating anomalies alert dashboards; management of Antivirus (AV) and malware protection; access controls to include Identification, Authentication, Authorization, and Accountability (IAAA), as well as Multifactor Authentication (MFA); cybersecurity framework and policies; Network Discovery and asset management; Network Intrusion Prevention and Detection Systems (IPS/IDS); ICS/SCADA network protocol and vulnerability analysis; ICS/SCADA recovery & mitigation and signature development and implementation; and network penetration testing. A working knowledge of assessment and analytic tools and techniques is a plus. In addition, the candidate shall adapt work methods in response to new information, changing conditions, emergencies or unexpected challenges. Have the ability to articulate viewpoints and answers to customers, peers, and supervisors in an effective manner, both written and orally. Identify and analyze technical issues, report, document, and attend project status briefings. Knowledgeable with calendar scheduling, MS Outlook, MS Word/Excel and office equipment such as copiers, printers and scanners.
The ideal candidate demonstrates the following: - Problem Solving - Interpersonal Skills - Partnering - Customer Service - Accountability - Continual Learning - Resilience - Effective Communication Knowledge and experience in one or more of the following is desired: - Reliable power distribution design (high voltage, medium voltage, low voltage) - Substation and generators plant relay protection and control systems - Codes and standards (NFPA, IEEE, etc.) - Technical modeling and simulation software packages (AutoCAD, ETAP, SKM, EasyPower, PowerWorld, etc.) - Cost estimating - Commissioning: Factory witness testing, functional performance testing, and integrated system testing - Building Automation System programming control logic - Creating and modifying Building Automation System graphics - Third party integration via BACnet/Modbus protocols - Managing and securing network infrastructure (e.g. port security, certificate management, etc.) - Applying concepts, principles, and methods for network connectivity (e.g. routing, switching, tunneling, and IP addressing) - Configuring, maintaining, and troubleshooting firewalls and access control lists. - Implementing, configuring, and sustaining computer security (e.g. Active Directory, Domain Policies, Patch Deployment, Antivirus, and Allowlisting) - Employing Secure Technical Implementation Guidance (STIG) and government security standards. - Configuring and supporting Schweitzer Real Time Automation Controllers (RTAC) - Evaluating and documenting PLC programs for electrical power control - Creating and modifying graphics and points SCADA systems - Electrical power systems, metering, protection, and control devices - Assisting project teams throughout the project's lifecycle - Configuring firewall rulesets and troubleshooting issues. - Computer network defense and forensic capability awareness and use - Industrial Control Systems network defense experience a plus - Red and Blue team activities - Computer network monitoring and forensic experience
Salary offers are based on candidates' education level and years of experience relevant to the position and also take into account information provided by the hiring manager/organization regarding the work level for the position. On-the job training, Internal NSA courses, and external training will be made available based on the need and experience of the selectee. Salary Range: $74,682 - $176,300 (Entry, Full Performance, Senior, Expert) Work Schedule: This is a full-time position, Monday - Friday, with basic 8 hour/day work requirements between 0600 and 1800 (flexible).
NSA is growing by leaps and bounds and is in need of skilled/experienced Facilities and Logistics professionals. One of those needs is for highly motivated Industrial Control System (ICS) Specialists/Engineers to join the Design and Engineering team, Operations and Management team, and Defense Critical Infrastructure Division in order to ensure the proper operation and cybersecurity of NSA's and Department of Defense (DoD) ICS, often from concept to operation.
U.S. Citizenship is required for all applicants. NSA is an equal opportunity employer and abides by applicable employment laws and regulations. All applicants and employees are subject to random drug testing in accordance with Executive Order 12564. Employment is contingent upon successful completion of a security background investigation and polygraph. Due to time sensitive communications regarding your application, please ensure your spam filters are configured to accept email from Please review the job posting thoroughly to ensure you meet the described qualifications and are aware of all associated requirements. To apply for this position, please click the 'Apply' button located at the top right of this posting. After completing the application for the first time, or reviewing previously entered information, and clicking the 'Submit' button, you will receive a confirmation email. We encourage you to apply as soon as possible, as job postings could close earlier than the closing date due to sufficient number of applicants, or the position is no longer available. You may be asked a series of questions depending on the position you apply for. Your responses will be used as part of the application screening process and will assist in determining your eligibility for the position. Be sure to showcase within your resume those experiences relevant to this position. Failure to provide the required information or providing inaccurate information will result in your application not being considered for this position. Only those applicants who meet all position qualifications, may be contacted to begin employment processing. Please remain diligent in monitoring email and your SPAM folder. Reasonable accommodations may be provided to applicants with disabilities during the application and hiring process where appropriate. Please visit our Diversity link for more information. This position is a Defense Civilian Intelligence Personnel System (DCIPS) position in the Excepted Service under 10 U.S.C. 1601. DoD Components with DCIPS positions apply Veterans' Preference to eligible candidates as defined by Section 2108 of Title 5 USC, in accordance with the procedures provided in DoD Instruction 1400.25, Volume 2005, DCIPS Employment and Placement. If you are a veteran claiming veterans' preference, as defined by Section 2108 of Title 5 U.S.C., you may be asked to submit documents verifying your eligibility.
DCIPS Disclaimer
The National Security Agency (NSA) is part of the DoD Intelligence Community Defense Civilian Intelligence Personnel System (DCIPS). All positions in the NSA are in the Excepted Services under 10 United States Codes (USC) 1601 appointment authority.