Senior SCADA Network Administrator

City of Irvine | Irvine, CA

Applying to this job will open a new window on the employer's web site to apply there.

Posted Date 7/10/2019

Salary: $7,605 - $10,530 / Monthly

General Description:
The Irvine Ranch Water District is accepting applications for a Senior SCADA Network Administrator. The successful candidate will be responsible for the design, installation, configuration, optimization, administration, maintenance, cybersecurity protection and continuous 24/7 operation of the IRWD Industrial Control System / Supervisory Control and Data Acquisition (ICS/SCADA) system.

Summary of Duties:

Network, Server and SCADA Application: 

  • Design and oversee ICS/SCADA network and server infrastructure


  • Evaluate and simulate the effects of patches, firmware, drivers, operating systems, and software updates in a SCADA sandbox environment.


  • Plan, schedule, install, configure, integrate, troubleshoot, patch, update, and maintain ICS/SCADA hardware and software to improve, secure and support continuous 24/7 operation of the ICS/SCADA infrastructure with minimum to zero downtime production environment.


  • Collaborate with consultants, vendors and staff members to resolve network, server and SCADA application issues.


  • Provide advanced technical expertise and hands-on support to the Automation team and internal customer as required.


  • Segment network utilizing Purdue model, principles of least privilege and need-to-know basis and other best practice.


  • Install and configure point-to-point VPN, IPS, IDS, Firewalls and other applications to secure ICS/SCADA communication.


  • Develop and maintain documentation, including but not limited to ICS/SCADA architecture drawings, installation, configuration, and troubleshooting procedures.


ICS/SCADA Cybersecurity:


  • Lead Automation team in collaboration efforts with other cybersecurity experts, consultants and internal staff to develop well-constructed approaches to ICS/SCADA risk management, mitigation, and monitoring strategies.


  • Responsible to create, maintain, assess, audit and comply with applicable laws, regulatory and security policies, standards and best practice hardening guidelines of the ICS/ SCADA infrastructure utilizing


  • NIST Framework for Improving Critical Infrastructure Cybersecurity


    • NIST 800-82 - Guide to Industrial Control Systems (ICS) Security


    • NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations


    • AWWA G430-14 - American Water Works Association Security Practices for Operation and Management


    • Other relevant framework or standards



  • Utilize Kali Linux, Metasploit, Wireshark, Nessus and other tools to penetrate ICS/SCADA system to discover vulnerability and deficiency.


  • Educate internal staff about the risk and the steps required to close the security gap and to report cyber threats and attacks.


  • Develops, reviews, and implements improvements to the Backup and Disaster Recovery Plans and periodically simulate a disaster event to ensure the ICS/SCADA is able to recover from a disaster.


  • Maintain a performance management program with relevant key performance indicators (KPIs) and tracking mechanisms.


  • Review automation software and hardware histories and determine repair, system upgrades, and replacement needs


  • Develop, and execute policies including but not limited to network reliability, SCADA cybersecurity, backup and disaster recovery.


  • Stay abreast with current developments and regulation changes in the automation controls, information systems technologies, cybersecurity and water utility industries in order to provide updates and recommendation to management staff.


  • Maintain regular contact with Operations, Maintenance, Engineering and other departments or consultants to provide as needed support and participate in cross-department projects as directed.


  • After hours' accessibility will be required as needed to meet District needs.


  • Perform other related duties as assigned.


  • Comply with District work-related safety practices and attend relevant safety training.


A combination of education and experience equivalent to a Bachelor's degree in Computer Science, Engineering or related field and at least five (5) years of experience in Operational Technology (ICS/SCADA) or Information Technology environment required.

Experience with the following software, hardware and protocols required:


  • Microsoft Windows Server and Desktop operating system


  • Microsoft Active Directory and Group Policy


  • Powershell Scripting


  • VMWare Hypervisor, vCenter and Microsoft Hyper-V


  • Veeam


  • Industrial communication protocols, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Host


  • Intrusion Prevent System (HIPS), Layer 7 Application Control, SNORT and Wireshark


  • Kali Linux or other similar distribution


  • Nessus, OpenVAS, Metasploit or other vulnerability management software


  • Radio communications equipment, Network Switches, Virtual Private Network (VPN), Routers and Firewalls


  • Security Information and Event Management (SIEM), Syslog and Simple Network Management Protocol (SNMP) and Trap


Experience with the following software and hardware is highly desired:


  • Wonderware Intouch, Application Server or other SCADA software


  • Schneider Modicon PLC


  • Microsoft SQL and Power BI


  • Schneider/Wonderware System Platform, Historian, InTouch and Maple Systems


  • Schneider Unity Pro


  • Python Scripting


License / Certifications Required:


  • Depending on assignment, a valid Class 'C' California Driver's License may be required.


Must obtain 1 or more of the following certifications within 9 months of hire date:


  • Cisco CCNP (Cisco Certified Network Professional)


  • Cisco CCNA (Cisco Certified Network Associate)


  • Microsoft MSCE (Microsoft System Certified Engineer)


Must obtain 1 or more of the following certifications within 9 months of hire date:


  • CompTIA Security+


  • Certified Penetration Tester (CPT)


  • Certified Expert Penetration Tester (CEPT)


  • Certified Ethical Hacker (CEH)


  • GIAC Industrial Cyber Security Professional (GICSP)


  • GIAC Critical Infrastructure Protection (GCIP)


  • GIAC Response and Industrial Defense (GRID)


  • Cisco CCNA Security (Cisco Certified Network Associate Security)


  • Certified Information Systems Security Professional (CISSP)





Job Category
Local Government
Career Level

Share this job