Operational Technology (OT) Security Analyst

About the Pay

Central Arizona Project (CAP) is a 336-mile system that supplies Colorado River water to central and southern Arizona. More than 6 million people rely on this supply. CAP employs nearly 500 people who enjoy a team-oriented and safety-focused work culture. The close community of a small company is driven to help fulfill our extremely valuable mission.

Compensation & Benefits Package includes:

• Competitive Salaries
• Arizona State Retirement System - Pension
• 401(k)
• Medical, Dental and Vision
• Life insurance, LTD, Short-term disability
• 4-10 (Mon-Thur) work schedule
• Option for part-time remote work
• Paid training & tuition reimbursement
• 9 paid holidays
• Paid vacation & sick time
• Wellness programs
• No benefits waiting period
• Relocation benefits
• Significant training and development opportunities
• Public Student Loan Forgiveness eligible employer

1. Serve as Operational Technology (OT) Security Analyst specializing in Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.
2. Collaborate with IT peers to integrate Operational Technology (OT) network security protocols, ensuring seamless alignment with enterprise IT security frameworks and facilitating cross-functional incident response and threat mitigation.
3. Design cyber solutions and support implementation of network segmentation strategies and technologies, remote and local access controls, and advanced intrusion detection/prevention systems for OT environments, including ICS and SCADA systems.
4. Deploy and administer various cyber security products, tools, solutions and their corresponding applications and clients.
5. Collaborate with teams to plan and execute system scans, upgrades, and security patches to ensure that all systems are up to date with the latest security fixes or design a mitigation plan for legacy system limitations.
6. Implement and maintain continuous cyber security monitoring of OT/ICS/SCADA systems to ensure optimal performance, timely support, and detection of security related anomalies.
7. Develop and execute incident response plans, conduct investigations, and implement corrective actions. Respond to security incidents according to established procedures and guidelines, and report them to senior staff, including the root cause, impact and mitigation actions.

• Bachelor's degree and a minimum of five (5) years’ related experience or:
• High school diploma or equivalent plus a minimum of nine (9) years’ related experience.
• Experience with and knowledge of common OT/ICS communication protocols, controls systems and architectures, including IIoT, PLCs, HMIs, SCADA, etc.
• Proficiency in OT system security, network security, and application security.
• Excellent analytical, organizational, time management, and problem-solving skills are essential, including managing multiple projects at once that require collaboration of other teams.

Experience in performing cybersecurity assessments, risk management, governance, and compliance management.
Experience in managing OT security projects from conception through implementation.
Experience with incident response and recovery planning specific to OT environments.
Experience working within critical infrastructure systems, specifically water or energy utility highly preferred.
• One or more of the following certifications:
  Certified Information Systems Security Professional (CISSP)
  Certified Information Security Manager (CISM)
  Certified Information Systems Auditor (CISA)
  Global Information Assurance Certification (GIAC) in relevant areas (e.g., GSEC, GCIH, GCED)
  Global Industrial Cyber Security Professional Certification (GICSP)
  GIAC Critical Infrastructure Protection Certification (GCIP)
  Certified Automation Cybersecurity Expert (CACE)
  Certified Automation Cybersecurity Specialist (CACS)
  Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or equivalent.