Cyber Security Engineer - Federal

Information Technology


Fueled by a dedicated workforce, AMERESCO is the premier provider of energy efficiency and renewable technology solutions. From conservation to renewable energy generation, Ameresco employees have developed and implemented over $5 Billion in energy savings solutions that help our customers utilize clean and sustainable resources.


Ameresco maintains a fully-integrated Federal Group in order to focus on the unique challenges and opportunities associated with work in this sector, especially at secure military bases.  This team of roughly 180 engineers, project and construction managers, technicians, operators, and management and administrative staff is responsible for the development, design, construction, commissioning, financing, operation and maintenance (O&M), and performance verification of all manner of large energy projects.  Projects are driven by each client’s desire to reduce energy and O&M costs, reduce their carbon footprint, and improve utility infrastructure, particularly when it will enhance energy resiliency.  Energy project technologies include distributed generation, combined heat and power (CHP), renewable energy, energy storage, and energy efficiency and conservation. 


Energy projects typically require advanced communications and controls systems including Building Automation Systems (BAS), SCADA systems, and other Industrial Control Systems (ICS).  Many of these energy projects need to communicate with entities outside the host site in order to operate based on signals from utility companies or Regional Transmission Operators (RTOs), and to allow key equipment vendors to diagnose and maintain equipment remotely.  Increasingly, the federal government is concerned about the cyber security of the energy projects and assets that Ameresco develops. 


Ameresco seeks to enhance our ability to address the cyber security aspects of energy projects we develop by using in-house resources with strategic use of third-party industry consultants.  We seek a Cyber Security Engineer to lead this effort.  The tasks associated with this newly-created position are as follows. 



  1. Determine the cyber security standards and procedures that apply to energy projects proposed by Ameresco for each potential Ameresco client site under the customer and/or Agency specific requirements. This involves review of contract or request-for-proposal (RFP) documents, discussion with host site personnel to understand site-specific standards, procedures and practices, and understanding guidelines from NIST, DHS, and other industry sources as they apply to the energy project proposed for each site. In most cases this will involve complying with the federal Department of Defense’s Risk Management Framework (RMF).

  2. Assess the level of cyber security risk posed to the site by the proposed energy project. Develop a written Cyber Security Plan that meets the contract requirements for mitigating such risk. Ameresco may draw upon outside consultants for assistance with aspects of writing or implementing the Cyber Security Plan at each client site. This position will coordinate those efforts by issuing Professional Service Agreements (PSAs) with such consultants for a defined scope of work and price and tracking and integrating their deliverables.

  3. Work with Ameresco project managers, design engineers, construction managers, and O&M staff to guide them in incorporating the requirements of the Cyber Security Plan into the design, equipment procurement, construction, commissioning, and operation and maintenance of the energy project. Help the Ameresco team to understand the schedule and cost impacts associated with complying with each Cyber Security Plan for each site.

  4. For projects in the proposal phase, determine the subcontracted costs and direct material and labor burden associated with developing the Cyber Security Plan defined by Tasks (1) and (2) above. Estimate any incremental project implementation and O&M cost and schedule impacts associated with implementing the Plan.

  5. Manage periodic Risk Assessments of Cyber Security Plans using third-party reviewers. Where third-party execution of the Risk Assessment is not required contractually, conduct Risk Assessments in-house.

  6. Prepare written Annual Reports and review (or write) Risk Assessments for each project.

  7. Provide training to Ameresco management and operations staff as necessary to educate staff in the procedures that must be followed to meet cyber security requirements.

  8. Define Ameresco standard procedures to support cyber security requirements at all sites. Update and revise such procedures on an ongoing basis as needed.

  9. Develop and maintain Cyber Security Sustainment Plans that provide a sequence of notifications, procedures, and definitive actions for breaches and identified weaknesses, as well as periodic maintenance, and system integrity and vulnerability evaluations. Such plans shall be customized to individual clients and the portfolio of installed energy efficiency and renewable energy measures implemented at each site, as well as to the specific roles and responsibilities for ongoing operations, maintenance, repair & replacement, and performance monitoring for each project.


Minimum Qualification

B.S. degree or equivalent in information technology, computer science, controls systems, or an engineering discipline.


Additional Preferred Qualifications

  1. Five to seven years’ experience in IT and/or controls systems, ideally with focus on network and cybersecurity.
  2. Minimum three years’ experience with primary administration responsibility of control networks for utilities or industrial customers.
  3. Specific experience and demonstrated proficiency with industrial control systems to include PLC-based plant control systems, building energy management and environmental control systems, utility-grade protection and control systems and SCADA, cloud based services, serial and IP-based fieldbus networks, enterprise operating systems, discrete application specific controllers, wireless point-to-point, mesh, and broadcast WANs, and public networks.
  4. Strong written and verbal skills with ability to explain cyber security concepts and requirements in clear language in plans and proposals.
  5. Familiarity with NIST, DHS, DoD RMF and other industry guidelines on cyber security.


Interested individuals are encouraged to visit to submit your resume, cover letter, sample project history, and salary information.  DIRECT Applicant Response Preferred.


AMERESCO challenges the brightest, most talented and creative individuals in the industry by providing an environment that embraces initiative, diversity, and achievement along with comprehensive rewards, including people-oriented insurance, investment, and incentive plans.

Equal Opportunity/Affirmative Action Employer/Women/Minorities/Veteran/Disability.