Fueled by a dedicated workforce, AMERESCO is the premier provider of energy efficiency and renewable technology solutions. From conservation to renewable energy generation, Ameresco employees have developed and implemented over $5 Billion in energy savings solutions that help our customers utilize clean and sustainable resources.
Ameresco maintains a fully-integrated Federal Group in order to focus on the unique challenges and opportunities associated with work in this sector, especially at secure military bases. This team of roughly 220 engineers, project managers, technicians, operators, and management and administrative staff is responsible for the development, design, construction, financing, operation and maintenance (O&M), and performance verification of all manner of large energy projects. Projects are driven by each client’s desire to reduce energy and O&M costs, reduce their carbon footprint, and improve utility infrastructure, particularly when it will enhance energy resiliency. Project technologies include distributed generation, combined heat and power (CHP), renewable energy, energy storage, electric distribution and infrastructure improvements, and energy efficiency and conservation.
Projects typically require advanced communications and controls systems including Building Automation Systems (BAS), SCADA systems, and other Industrial Control Systems (ICS). Many of these energy projects need to communicate with entities outside of the host site in order to operate based on signals from utility companies or Regional Transmission Operators (RTOs), and to allow key equipment vendors to diagnose and maintain equipment remotely. Increasingly, the federal government is concerned about the cyber security of the energy assets that Ameresco develops.
Ameresco seeks a subject matter specialist to assist in developing, maintaining, and reviewing cybersecurity policies and controls for client projects.
Determine the cyber security standards and procedures that apply to each client and project (e.g. Risk Management Framework (RMF)). Defining the applicable standards and procedures requires review of project contractual requirements, review and negotiation with host site personnel regarding site-specific standards, procedures and practices, and understanding guidelines from NIST, DHS, and other industry sources as they apply to the project proposed for each site.
Assess the level of cyber security risk posed to the site by the proposed project. Develop a written Cyber Security Plan that meets the contract requirements for mitigating such risk.
This position will participate in identifying, qualifying, and maintaining relationships with outside cybersecurity consultants. This position will develop site- and contract-specific external scopes of work and administer value-based solicitations, ultimately resulting in procurement of such consultant services through Professional Service Agreements (PSAs). This position will administer and provide quality control of consultant deliverables and services.
Topics typically covered in a Cyber Security Plan may include (but not be limited to) the following: physical security, system monitoring and performance verification, remote access control, account management, session management, authentication/password policy and management, logging and auditing, communications restrictions, malware detection and protection, confirmation of heartbeat signals, life cycle security, intrusion detection, incident documentation and tracking, incident response, patch management and updating, contractor personnel management and training, supply chain security, wireless technologies, cryptography, information and data security.
Work with Ameresco project managers, design engineers, construction managers, and O&M staff to guide them in incorporating the requirements of the Cyber Security Plan into the design, equipment procurement, construction, commissioning, and operation and maintenance of the energy project. Help the Ameresco team to understand the schedule and cost impacts associated with complying with each Cyber Security Plan for each site.
For projects in the proposal phase, determine the subcontracted costs and direct material and labor burden associated with developing the Cyber Security Plan defined by Tasks (1) and (2) above. Estimate any incremental project implementation and O&M cost and schedule impacts associated with implementing the Plan.
Manage periodic Risk Assessments of Cyber Security Plans using third-party reviewers. Where third-party execution of the Risk Assessment is not required contractually, conduct Risk Assessments in-house.
Prepare written Annual Reports and review (or write) Risk Assessments for each project.
Provide training to Ameresco management and operations staff as necessary to educate staff in the procedures that must be followed to meet and sustain cyber security requirements.
Develop and maintain Ameresco standard procedures to support cyber security requirements at all project sites. Update and revise such procedures on an ongoing basis as needed.
Develop and maintain Cyber Security Sustainment Plans that provide a sequence of notifications, procedures, and definitive actions for breaches and identified weaknesses, as well as periodic maintenance, and system integrity and vulnerability evaluations. Such plans shall be customized to individual clients and the portfolio of installed energy efficiency and renewable energy measures implemented at each site, as well as to the specific roles and responsibilities for ongoing operations, maintenance, repair & replacement, and performance monitoring for each project.
B.S. degree or equivalent in information technology, computer science, controls systems, or engineering discipline.
Five years’ experience in IT and/or controls systems, ideally with focus on network and cyber security.
Additional Preferred Qualifications:
Minimum three years of experience with primary administration responsibility for control networks for utilities or industrial customers.
Specific experience and demonstrated proficiency with industrial control systems to include PLC-based plant control systems, building energy management and environmental control systems, utility-grade protection and control systems and SCADA, cloud based services, serial and IP-based fieldbus networks, enterprise operating systems, discrete application specific controllers, wireless point-to-point, mesh, and broadcast WANs, and public networks.
Strong written and verbal skills with ability to explain cyber security concepts and requirements in clear language in plans and proposals.
Familiarity with NIST, DHS, DoD RMF, and other guidelines on cyber security.
Must be a United States citizen.
Interested individuals are encouraged to visit http://careers.ameresco.com to submit your resume, cover letter, sample project history, and salary information. DIRECT Applicant Response Preferred.
AMERESCO challenges the brightest, most talented and creative individuals in the industry by providing an environment that embraces initiative, diversity, and achievement along with comprehensive rewards, including people-oriented insurance, investment, and incentive plans.
Equal Opportunity/Affirmative Action Employer/Women/Minorities/Veteran/Disability.