×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer

Cyber Security Engineer - Compliance

Job in Rutland, Rutland County, Vermont, 05702, USA
Listing for: VELCO - Vermont Electric Power Company
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Overview

As the nation’s first statewide, “transmission only” company, VELCO manages the safe, reliable, cost-effective transmission of electric power throughout Vermont and as a part of the integrated New England regional network.

At VELCO, we are committed to protecting our organization’s data, infrastructure and digital assets. You’ll have the opportunity to directly impact VELCO’s risk posture to keeping a safe, reliable, secure and compliant operating organization.

How You Will Make An Impact

You’ll be responsible for constructing systems that gather, analyze and measure adherence to North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards and National Institute of Standards and Technology (NIST) cybersecurity frameworks. This role supports the secure operation of the utility’s business functions, customer support systems, and critical infrastructure, including substations, control centers, and related operational technology (OT) systems.

The Cyber Security Engineer
- Compliance will maintain, enhance, develop, implement, and monitor compliance controls, risk assessment workflows, and collaborate with NERC Compliance, IT, OT, and Information Security teams to maintain regulatory compliance and enhance cybersecurity risk comprehension.

Responsibilities
  • Regulatory & Business Compliance:
    Track compliance with NERC CIP standards (e.g., CIP-002 through CIP-014) and NIST frameworks (e.g., NIST 800-53, NIST CSF) for the protection of infrastructure & data.
  • Risk Assessments:
    Catalog and document risk assessment findings for substations, control centers, and OT systems that will automate remediation and/or creation of compliance artifacts.
  • Policy Lifecycle and Management:
    Integrate compliance policy requirements, procedures, and controls into digital workflows supporting subject matter experts with business processes and compliance artifacts.
  • Audits and Reporting:
    Prepare for and support NERC CIP audit subject matter experts, including evidence collection, documentation, and response to audit findings.
  • Awareness:
    Collaborate with NERC Compliance and Information Security to ensure adherence to current and future NERC CIP and NIST regulation/requirements, fostering a culture resilient to regulatory change.
  • Incident Response:
    Collaborate with Information Security to scribe, document, and track the lifecycle of cybersecurity incidents, ensuring compliance with incident reporting obligations.
  • System Monitoring:
    Monitor & correct the operational health of compliance data acquisition systems to ensure data quality and time bound accuracy.
  • Continuous Improvement:
    Stay updated on evolving NERC CIP and NIST standards, recommending improvements to enhance compliance and security posture.
  • Other duties as assigned.
Who You Are

A Bachelor's degree in Computer Science, Cyber Security or related technical discipline. Equivalent work experience considered. Having relevant security certifications or the ability to obtain GIAC GCIP and/or GIAC GCCC is expected. A Master’s degree may be substituted for some experience.

Knowledge/Skills
  • Direct experience with NERC CIP standards and NIST frameworks is highly preferred.
  • Familiarity with OT systems (e.g., SCADA, PLCs) and utility operations.
  • Familiarity with networking technologies, operating systems, regular expressions, and API/Script based data acquisition methods.
  • Experience with Tripwire Enterprise, Sigma Flow Beacon, or governance risk and compliance (GRC) tools with workflow and ability to dynamically retrieve data is highly preferred.
  • Strong understanding of Information Security frameworks.
  • A functional understanding of API and scripted data retrieval across various technologies.
  • Proficiency with SQL Query languages
  • Demonstrated ability to securely create and manage scripts for data acquisition
  • Proficiency in risk assessment methodologies and cybersecurity tools.
  • Excellent analytical, problem-solving, and documentation skills.
  • Ability to communicate complex technical concepts to technical and semi-technical stakeholders.
  • A desire to pursue training and certifications in information security & operational technologies as they evolve.
  • Knowledge…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search