Job Duties:
Execute the planning, design, development, and implementation of technical controls, procedures, and policies associated with cybersecurity compliance and/or regulatory standards.
Maintain the highest level of integrity, protecting the confidentiality and security of all clients and project information.
Identify and diagnose operational issues and implement design alterations to address these issues.
Conduct vulnerability assessments of OT networks for cybersecurity, risk management, and/or compliance purposes.
Perform detailed, post-event analysis of unusual events, and direct needed procedure or process changes in response.
Pursue, obtain, and maintain industry-recognized certifications related to cybersecurity such as ethical hacking, penetration testing, network engineering, Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), risk management, and others, as necessary.
Resolve technical issues, analyze implications to the client’s business, and be able to communicate them with applicable stakeholders within the business.
Develop policies & procedures for secure process control network design, technical and design recommendations for implementing firewalls, unidirectional gateways, zero trust design, and other network security controls.
Compiles technical documentation of network traffic and firewall services/solutions, including explanations and diagrams.
Work collaboratively with other groups and divisions inside of 1898 & Co. and Burns & McDonnell.
All other duties as assigned.
Requirements:
Important Notes:
- Consultant can sit in Kansas City, Houston, or Atlanta Offices
- 15-25% Travel required
Bachelor's degree in a technical field, e.g., (Cybersecurity, Industrial Cybersecurity, Industrial Cyber Engineering, Cyber-Physical System Security, Computer Science or Information Systems, Computer Engineering, Electrical Engineering, or another related technical field with appropriate experience.
Minimum 8 years of industrial cybersecurity experience.
Additional applicable years of experience may be considered in place of degree requirements.
Advanced knowledge of security principles and firm knowledge of cybersecurity technologies, as well as industry-recognized certifications.
Knowledge and experience with ISA/IEC 62443, NIST Cybersecurity Framework (NIST CSF), and ideally NIST SP800-82 required.
Experience with security engineering principles, various cybersecurity assessment methodologies, security control implementation, and validation, and system life-cycle practices.
Experience in the capabilities and/or configuration of cybersecurity controls, specifically those relating to firewalls, identity, and access control, zero-trust security, authentication and authorization, anti-virus/anti-malware, patch management, network, and system hardening, SIEM implementation, and/or tuning, and logging.
Experience working with development teams to determine application requirements.
Advanced knowledge of control systems utilized by Oil, Gas, and Chemicals; Manufacturing; Utilities (Power and/or Water); Energy; Transportation; etc., is preferred.
Strong written and oral communication skills.
Strong analytical and critical thinking skills.
Ability to operate under pressure and under tight deadlines, to operate onsite within industrial, corporate, and government work settings.
Demonstrate an understanding of business principles and operational security practices specific to engineering and/or security consulting.
Knowledge and/or experience with legacy and modern computer networking and telecommunications.
Experience with physical cabling for network communications and control system input/output.
Strong technical writing skills
Ability to develop and maintain strong relationships with clients.
Ability to present complex technical issues and their impact in an easy-to-understand manner.
Knowledge and experience with corporate policies and procedures
Travel for site work is estimated to average 25-50% annually.
The Ideal Candidate will also have the following preferred skills:
Soft skills:
Tenacious Problem solving
Unselfish collaborator
Intellectual curiosity
Dedicated to continuous improvement.
Grit
Consulting background
Relevant industry certifications such as - CISSP, CISM, CISA, CEH, GICSP, etc.
Bonus points for - ITIL certification, Prosci, or similar people change management certification.
Knowledge or experience with:
OT asset inventory w/ change detection solutions
Vulnerability Management solutions
Identity and Access Control solutions
Zero Trust Security solutions
OT network & communications monitoring solutions
Security, Orchestration, Automation & Response (SOAR) solutions
Knowledge of the Purdue model for zones/segmentation
TWIC, HUET, and/or BOSIET certifications
Certified Ethical Hacker (CET) certification with previous experience performing OT-relevant Pen Testing, Threat Hunting, or similar activities.
Ability to integrate multiple data sources into a single system.
Familiarity with code testing frameworks.
Demonstratable name recognition in the OT / ICS / SCADA cybersecurity industry
ANY GRADUATE