TECO Energy
Cyber Security Analyst Progression
Our people power everything we do. At Tampa Electric, dependable electricity starts with dedicated individuals whose talent, skill and passion drive our success. We've been lighting the way for West Central Florida for more than 125 yearsand we're just getting started. Join us and build a rewarding career with competitive pay, comprehensive benefits and a culture that supports your growth. Your potential finds its purpose at Tampa Electric. We proudly deliver 99.98% electric service reliability to nearly 860,000 customers across 2,000 square miles of Hillsborough County and parts of Polk, Pasco and Pinellas counties. Through innovation and strategic investments, we're creating a cleaner, brighter energy futurewhile delivering exceptional service every step of the way. We reflect the communities we serve and foster a workplace where every employee feels welcomed, valued and engaged. Join our team of energy experts and help shape the future of power. Storm Duty Requirements Tampa Electric and its sister companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our Tampa Electric customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures. Responding to storms will be considered a condition of employment. Tampa Electric is proud to be an Equal Opportunity Employer. To learn more, please click on link below: Disclosure Statements Title: Cyber Security Analyst Progression Company: Tampa Electric Company State and City: Florida - North Ruskin Shift: 8 Hr. X 5 Days Cyber Security Analyst Level 1
The Cyber Security Analyst Operational Technology (OT) is responsible for maintaining the security and integrity of operational technology systems through routine cybersecurity maintenance activities. Manages and continuously improves the asset inventory database to ensure accurate visibility and tracking of the operational technology. Supports the development and implementation of the organization's OT Cybersecurity program and framework, aligning activities with industry standards and regulatory requirements. Collaboration with cross-functional teams ensures consistent application of security controls and continuous improvement of cybersecurity posture. Cyber Security Analyst Sr Level 2
The Cyber Security Analyst Sr is responsible for addressing Operation Technology (OT) vulnerabilities by taking the appropriate corrective action or following the appropriate escalation procedures, assessing threat landscape, confirming for secure configuration of Tampa Electric's OT assets, identifying vulnerabilities applicable to the OT components and developing the remediation plans. Develop cybersecurity maintenance procedures and enforce OT cybersecurity framework and standards, evaluate IT related needs of OT environment and team members, and identify cybersecurity awareness gaps. Evaluate OT cyber assets and assign criticality rating to cyber assets and develop remediation plan for gaps in compliance of the systems with the OT cybersecurity program. Has increased responsibilities in security intelligence monitoring, incident response, and development of cybersecurity maintenance procedures. May serve as a project lead and mentor Cyber Security Analyst. Works under general supervision. Cyber Security Analyst Lead Level 3
The Cyber Security Analyst Lead is responsible for maintaining and improving OT cybersecurity framework and standards, reviewing cybersecurity maintenance procedures and threat landscape assessment, implementing vulnerability management technologies and vulnerability remediation plans. Lead will facilitate asset criticality evaluation process, maintain cybersecurity maintenance schedule, and train staff. Lead will maintain and improve the OT cybersecurity program, ensuring its alignment with the latest industry standards (NERC, NIST), build cross departmental ITOT collaboration, educate team members the latest cybersecurity industry trends. Has increased responsibilities in evaluating industry standards and adopting them into cybersecurity controls. May serve as a project lead and mentor to other department team members. Level 1: Duties and Responsibilities
Identifies cybers assets, examines and extracts asset configuration, updates the OT cyber asset database to protect operational technology. Installs security patches, updates antivirus definitions, and creates system backups. Collects, maintains, updates baselines of the operational systems, updates cybersecurity SharePoint site for stakeholder engagement. Reviews the releases of new CVEs from external sources for applicability to operational assets regularly. Assists OT team l with IT-related work: software and hardware of HMIs and network appliances, remote connectivity. Level 2: Duties and Responsibilities
Evaluates network architecture, system configuration, and external connection layout to ensure compliance of operational technology systems with cybersecurity program. Reviews vendor manuals, training materials, industry standards, and develops cybersecurity maintenance procedures. Provides activities planning guidance, feedback on work completed, and training to Cybersecurity Analysts. Evaluates new CVEs for applicability to OT cyber assets. Level 3: Duties and Responsibilities
Translate all applicable standards (NERC CIP, NIST CSF, NIST 800-53, etc.) into appropriate systemic and procedural solutions. Review, revise, and update Energy Supply's operational technology cybersecurity standards and procedures. Evaluate the Energy Supply's operational technology systems and coordinate necessary actions to maintain compliance with applicable internal and regulatory standards. Develop management responses to internal and external government and regulatory audits and data requests with respective management and team members. Review operational technology cyber asset management process. Train and educate team members and facilitate ITOT collaboration. Education: Level 1, 2 and 3
Required: High School Diploma or equivalent. Preferred: Bachelor's Degree in Computer Science, Information Systems, or other IT related discipline. Licenses/Certifications: Level 1, 2 and 3
Required: From the list of certification vendors, one related Information Security professional certification or ability to obtain via self-study within one year of hire date (ex: CISCO, (ISC)2, GIAC, ISA, ISACA, CompTIA, e-Council, etc.). Preferred: three or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CAP, CEH, CCNA, CCNP, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP). Experience:
Level 1: Required: 5 years of related Cyber Security, industrial automation, IT, OT, or Technical (hands-on networking, telecommunications [radios, satellites, communications, etc.], hardware, software) experience. May consider 2 years related experience with an Associate's Degree or 1 year related experience with a Bachelor's Degree in Computer Engineering/Science, Cybersecurity, Information Systems, or other IT related discipline. Level 2: Required: 6 years of related Cyber Security, industrial automation, IT, OT, or Technical (hands-on networking, telecommunications [radios, satellites, communications, etc.], hardware, software) experience. May consider 4 years related experience with an Associate's Degree or 3 year related experience with a Bachelor's Degree in Computer Science, Information Systems or other IT related discipline. Level 3: Required: 8 years of related Cyber Security, industrial automation, IT, OT, or Technical (hands-on networking, telecommunications [radios, satellites, communications, etc.], hardware, software) experience. May consider 4 years related experience with an Associate's Degree or 2 years related experience with a Bachelor's Degree in Computer Science, Information Systems or other IT related discipline. Level 1: Knowledge/Skills/Abilities
Required: Basic knowledge of industrial automation (ABB, Allen Bradley, Emerson, GE, Siemens) or basic knowledge of major operating system security (Windows, Mac OS, Linux/Unix), endpoint, server, and network security. Basic knowledge of major security systems and functions for incident response, monitoring and forensic activities: Firewalls, IDS/IPS, Antivirus/Antimalware, SIEM, Incident Response, Threat Prevention, Web/Application Control Filtering, Email Filtering, NetFlow Analysis, Endpoint Security, Configuration and Change Management, File Integrity Monitoring, and DLP. Basic knowledge of log, network, and system forensic investigation techniques. Basic working knowledge of networking protocols and systems administration. Basic working knowledge of identifying and capturing indicators of compromise and methods for detecting them within incidents. Basic working knowledge with packet analysis and malware analysis. Basic working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX and PCI. Good analytical and risk assessment skills and strong listening, written and computer communication skills for reporting and auditing purposes. Preferred: Performing cybersecurity maintenance activities: applying patches, updating antivirus signatures, creating system backups. Configuring network appliances Troubleshooting network communications Supporting compliance audits Designing, implementing,
Our people power everything we do. At Tampa Electric, dependable electricity starts with dedicated individuals whose talent, skill and passion drive our success. We've been lighting the way for West Central Florida for more than 125 yearsand we're just getting started. Join us and build a rewarding career with competitive pay, comprehensive benefits and a culture that supports your growth. Your potential finds its purpose at Tampa Electric. We proudly deliver 99.98% electric service reliability to nearly 860,000 customers across 2,000 square miles of Hillsborough County and parts of Polk, Pasco and Pinellas counties. Through innovation and strategic investments, we're creating a cleaner, brighter energy futurewhile delivering exceptional service every step of the way. We reflect the communities we serve and foster a workplace where every employee feels welcomed, valued and engaged. Join our team of energy experts and help shape the future of power. Storm Duty Requirements Tampa Electric and its sister companies serve a role in providing critical services to our community during an emergency. Team members are required to participate in the response/recovery activities related to emergencies/disasters to maintain service to our Tampa Electric customers. Team members are required to work in their normal job duties or other assigned activities. Proper compensation will be made in accordance with the company's rules and procedures. Responding to storms will be considered a condition of employment. Tampa Electric is proud to be an Equal Opportunity Employer. To learn more, please click on link below: Disclosure Statements Title: Cyber Security Analyst Progression Company: Tampa Electric Company State and City: Florida - North Ruskin Shift: 8 Hr. X 5 Days Cyber Security Analyst Level 1
The Cyber Security Analyst Operational Technology (OT) is responsible for maintaining the security and integrity of operational technology systems through routine cybersecurity maintenance activities. Manages and continuously improves the asset inventory database to ensure accurate visibility and tracking of the operational technology. Supports the development and implementation of the organization's OT Cybersecurity program and framework, aligning activities with industry standards and regulatory requirements. Collaboration with cross-functional teams ensures consistent application of security controls and continuous improvement of cybersecurity posture. Cyber Security Analyst Sr Level 2
The Cyber Security Analyst Sr is responsible for addressing Operation Technology (OT) vulnerabilities by taking the appropriate corrective action or following the appropriate escalation procedures, assessing threat landscape, confirming for secure configuration of Tampa Electric's OT assets, identifying vulnerabilities applicable to the OT components and developing the remediation plans. Develop cybersecurity maintenance procedures and enforce OT cybersecurity framework and standards, evaluate IT related needs of OT environment and team members, and identify cybersecurity awareness gaps. Evaluate OT cyber assets and assign criticality rating to cyber assets and develop remediation plan for gaps in compliance of the systems with the OT cybersecurity program. Has increased responsibilities in security intelligence monitoring, incident response, and development of cybersecurity maintenance procedures. May serve as a project lead and mentor Cyber Security Analyst. Works under general supervision. Cyber Security Analyst Lead Level 3
The Cyber Security Analyst Lead is responsible for maintaining and improving OT cybersecurity framework and standards, reviewing cybersecurity maintenance procedures and threat landscape assessment, implementing vulnerability management technologies and vulnerability remediation plans. Lead will facilitate asset criticality evaluation process, maintain cybersecurity maintenance schedule, and train staff. Lead will maintain and improve the OT cybersecurity program, ensuring its alignment with the latest industry standards (NERC, NIST), build cross departmental ITOT collaboration, educate team members the latest cybersecurity industry trends. Has increased responsibilities in evaluating industry standards and adopting them into cybersecurity controls. May serve as a project lead and mentor to other department team members. Level 1: Duties and Responsibilities
Identifies cybers assets, examines and extracts asset configuration, updates the OT cyber asset database to protect operational technology. Installs security patches, updates antivirus definitions, and creates system backups. Collects, maintains, updates baselines of the operational systems, updates cybersecurity SharePoint site for stakeholder engagement. Reviews the releases of new CVEs from external sources for applicability to operational assets regularly. Assists OT team l with IT-related work: software and hardware of HMIs and network appliances, remote connectivity. Level 2: Duties and Responsibilities
Evaluates network architecture, system configuration, and external connection layout to ensure compliance of operational technology systems with cybersecurity program. Reviews vendor manuals, training materials, industry standards, and develops cybersecurity maintenance procedures. Provides activities planning guidance, feedback on work completed, and training to Cybersecurity Analysts. Evaluates new CVEs for applicability to OT cyber assets. Level 3: Duties and Responsibilities
Translate all applicable standards (NERC CIP, NIST CSF, NIST 800-53, etc.) into appropriate systemic and procedural solutions. Review, revise, and update Energy Supply's operational technology cybersecurity standards and procedures. Evaluate the Energy Supply's operational technology systems and coordinate necessary actions to maintain compliance with applicable internal and regulatory standards. Develop management responses to internal and external government and regulatory audits and data requests with respective management and team members. Review operational technology cyber asset management process. Train and educate team members and facilitate ITOT collaboration. Education: Level 1, 2 and 3
Required: High School Diploma or equivalent. Preferred: Bachelor's Degree in Computer Science, Information Systems, or other IT related discipline. Licenses/Certifications: Level 1, 2 and 3
Required: From the list of certification vendors, one related Information Security professional certification or ability to obtain via self-study within one year of hire date (ex: CISCO, (ISC)2, GIAC, ISA, ISACA, CompTIA, e-Council, etc.). Preferred: three or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CAP, CEH, CCNA, CCNP, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP). Experience:
Level 1: Required: 5 years of related Cyber Security, industrial automation, IT, OT, or Technical (hands-on networking, telecommunications [radios, satellites, communications, etc.], hardware, software) experience. May consider 2 years related experience with an Associate's Degree or 1 year related experience with a Bachelor's Degree in Computer Engineering/Science, Cybersecurity, Information Systems, or other IT related discipline. Level 2: Required: 6 years of related Cyber Security, industrial automation, IT, OT, or Technical (hands-on networking, telecommunications [radios, satellites, communications, etc.], hardware, software) experience. May consider 4 years related experience with an Associate's Degree or 3 year related experience with a Bachelor's Degree in Computer Science, Information Systems or other IT related discipline. Level 3: Required: 8 years of related Cyber Security, industrial automation, IT, OT, or Technical (hands-on networking, telecommunications [radios, satellites, communications, etc.], hardware, software) experience. May consider 4 years related experience with an Associate's Degree or 2 years related experience with a Bachelor's Degree in Computer Science, Information Systems or other IT related discipline. Level 1: Knowledge/Skills/Abilities
Required: Basic knowledge of industrial automation (ABB, Allen Bradley, Emerson, GE, Siemens) or basic knowledge of major operating system security (Windows, Mac OS, Linux/Unix), endpoint, server, and network security. Basic knowledge of major security systems and functions for incident response, monitoring and forensic activities: Firewalls, IDS/IPS, Antivirus/Antimalware, SIEM, Incident Response, Threat Prevention, Web/Application Control Filtering, Email Filtering, NetFlow Analysis, Endpoint Security, Configuration and Change Management, File Integrity Monitoring, and DLP. Basic knowledge of log, network, and system forensic investigation techniques. Basic working knowledge of networking protocols and systems administration. Basic working knowledge of identifying and capturing indicators of compromise and methods for detecting them within incidents. Basic working knowledge with packet analysis and malware analysis. Basic working knowledge of the processes that ensure compliance with regulatory or industry requirements such as NERC CIP, SOX and PCI. Good analytical and risk assessment skills and strong listening, written and computer communication skills for reporting and auditing purposes. Preferred: Performing cybersecurity maintenance activities: applying patches, updating antivirus signatures, creating system backups. Configuring network appliances Troubleshooting network communications Supporting compliance audits Designing, implementing,