Industrial Cybersecurity Consultant STSI is looking for a Cyber Security Consultant who is detail oriented with a willingness to utilize their investigative mind and dig into remediation issues, conduct security audits, and implement change plans in IT & OT environments. Ideal candidates have experience assessing security and PLC controls with experience conducting security audits, maintaining up to date understanding of guidance from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and have a firm understanding and experience with Allen Bradley PLC and Modbus PLC universal communication protocol.
Type: Full-time Contract - W2 ONLY, accepting candidate that are a US Citizen (nonnegotiable)
Compensation: $ 50.00 USD to 60.00 USD
# of Positions: 3-5
Location: Richmond, VA and Glen Allen, VA
Travel: 80% - 100% - accepting only local candidates in the state of Virginia who are able to drive/go to different locations/offices in VA. Consultants will use their own vehicle and must have a valid driver's license.
Expense: Miles, Hotel (when required), food are reimbursed expenses.
Schedule: Daylight, Monday through Friday.
Reports to: Director of Network & Endpoint Security, Project Manager & Delivery Lead
Position Summary: The Cybersecurity Consultant will independently execute significant portions of projects addressing Information Technology (IT) and Industrial Control System security. The Cybersecurity Consultant supports the execution of projects consisting of network penetration testing, web application security testing, cybersecurity vulnerability assessments, secure system design and integration, and/or development of cybersecurity programs at client sites across the U.S and Canada utilizing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), and other industry or data specific compliance frameworks and regulations. Execute the planning, design, development and implementation of technical controls, procedures and policy associated with cybersecurity compliance and/or regulatory standards.
Responsibilities:
- Maintain highest level of integrity, protecting the confidentiality and security of all clients and project information.
- Identify and diagnose operational issues and implement design alterations to address these issues.
- Conduct network penetration tests and vulnerability assessments of IT and Operational Technology (OT) networks, for both compliance and security purposes.
- Perform detailed, post event analysis of unusual events, and direct needed procedure or process changes in response.
- Pursue, obtain, and maintain industry recognized IT certifications related to cybersecurity such as ethical hacking, network engineering, Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), risk management, and others as necessary.
- Resolve technical issues, analyze implications to the client's business, and be able to communicate them with applicable stakeholders within the business.
- Develop policies & procedures for secure process control network design, technical and design recommendations for the implementation of firewalls and other network security and compliance controls.
- Compiles technical documentation of network traffic as well as firewall services/solutions including explanations and diagrams.
- Work collaboratively with other groups and divisions inside the company.
- Performs other duties as assigned.
- Comply with all policies and standards.
- Performs other duties as assigned.
Required Experience:
- Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering, Electrical Engineering, or a related technical field and min 3 years of related/relevant experience is Required.
- Advanced knowledge of security principles and firm knowledge of cybersecurity technologies, as well as industry-recognized certifications.
- Experience with cybersecurity vulnerability assessments, penetration tests, and the tools/techniques involved in both.
- Experience in the capabilities and/or configuration of cybersecurity controls, specifically those relating to firewalls, access control, authentication, anti-virus/anti-malware, patching, and logging.
- Advanced knowledge of control systems utilized by utilities, manufacturing, oil and gas, transportation, smart buildings, and cities.
- Strong written and oral communication skills.
- Strong analytical and critical thinking skills.
- Ability to operate under pressure and under tight deadlines, to operate in on-site industrial, corporate, and government work.
- Demonstrate capability to make sound decisions based on good security practices and principles.
- Demonstrate an understanding of business principles and operational security practices specific to engineering and/or security consulting.
- Knowledge and/or experience with corporate policies and procedures.
- Strong technical writing skills. Knowledge and experience with modern and legacy computer networking and telecommunications.
- Experience with physical cabling for network communications and control system Input/Output.
- Ability to obtain and maintain access to current and future client sites.
We are an Equal Opportunity Employer and do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other legally protected status. All qualified applicants will receive consideration for employment without regard to any of these characteristics.
