Industrial Cybersecurity Consultant

Industrial Cybersecurity Consultant (34689)

3 days ago Be among the first 25 applicants

Industrial Cybersecurity Consultant

STSI is looking for a Cyber Security Consultant who is detail oriented with a willingness to utilize their investigative mind and dig into remediation issues, conduct security audits, and implement change plans in IT & OT environments. Ideal candidates have experience assessing security and PLC controls with experience conducting security audits, maintaining up-to-date understanding of guidance from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and have a firm understanding and experience with Allen Bradley PLC and Modbus PLC universal communication protocol.

Type: Full-time Contract - W2 ONLY, accepting candidate that are a US Citizen (nonnegotiable)

Compensation: $50.00 USD to 60.00 USD

# of Positions: 3-5

Location: Richmond, VA and Glen Allen, VA

Travel: 80% - 100% - accepting only local candidates in the state of Virginia who are able to drive/go to different locations/offices in VA. Consultants will use their own vehicle and must have a valid driver's license.

Expense: Miles, Hotel (when required), food are reimbursed expenses.

Schedule: Daylight, Monday through Friday.

Reports to: Director of Network & Endpoint Security, Project Manager & Delivery Lead

The Cybersecurity Consultant will independently execute significant portions of projects addressing Information Technology (IT) and Industrial Control System security. The Cybersecurity Consultant supports the execution of projects consisting of network penetration testing, web application security testing, cybersecurity vulnerability assessments, secure system design and integration, and/or development of cybersecurity programs at client sites across the U.S and Canada utilizing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), and other industry or data specific compliance frameworks and regulations.

Execute the planning, design, development and implementation of technical controls, procedures and policy associated with cybersecurity compliance and/or regulatory standards.

• Maintain highest level of integrity, protecting the confidentiality and security of all clients and project information.
• Identify and diagnose operational issues and implement design alterations to address these issues.
• Conduct network penetration tests and vulnerability assessments of IT and Operational Technology (OT) networks, for both compliance and security purposes.
• Perform detailed, post event analysis of unusual events, and direct needed procedure or process changes in response.
• Pursue, obtain, and maintain industry recognized IT certifications related to cybersecurity such as ethical hacking, network engineering, Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), risk management, and others as necessary.
• Resolve technical issues, analyze implications to the client's business, and be able to communicate them with applicable stakeholders within the business.
• Develop policies & procedures for secure process control network design, technical and design recommendations for the implementation of firewalls and other network security and compliance controls.
• Compile technical documentation of network traffic as well as firewall services/solutions including explanations and diagrams.
• Work collaboratively with other groups and divisions inside the company.
• Performs other duties as assigned.
• Comply with all policies and standards.

• Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering, Electrical Engineering, or a related technical field and min 3 years of related/relevant experience is required.
• Advanced knowledge of security principles and firm knowledge of cybersecurity technologies, as well as industry-recognized certifications.
• Experience with cybersecurity vulnerability assessments, penetration tests, and the tools/techniques involved in both.
• Experience in the capabilities and/or configuration of cybersecurity controls, specifically those relating to firewalls, access control, authentication, anti-virus/anti-malware, patching, and logging.
• Advanced knowledge of control systems utilized by utilities, manufacturing, oil and gas, transportation, smart buildings, and cities.
• Strong written and oral communication skills.
• Strong analytical and critical thinking skills.
• Ability to operate under pressure and under tight deadlines, to operate in on-site industrial, corporate, and government work.
• Demonstrate capability to make sound decisions based on good security practices and principles.
• Demonstrate an understanding of business principles and operational security practices specific to engineering and/or security consulting.
• Knowledge and/or experience with corporate policies and procedures.
• Strong technical writing skills. Knowledge and experience with modern and legacy computer networking and…