Job Title: Cyber Security Engineer
Location: Manassas, VA (Onsite)
Position Type: Contract position
· Strong understanding of cybersecurity frameworks for ICS/OT environments (ISA-99/IEC 62443, NIST SP 800-82, CIS, etc.)
· You'll assist multiple projects in supporting and maintaining technology solutions in the areas of Operational Technology (OT), including networking, servers, virtualization, and security technologies.
· Experience conducting risk assessments to identify vulnerabilities, threats, and potential impacts on the OT systems and infrastructure.
· Design and implement security architectures for OT systems. This includes developing secure network infrastructures, access control mechanisms, intrusion detection and prevention strategies, and other security controls to protect against cyber threats.
· Contribute towards developing the OT DR study, be responsible for implementing the recommendation from the DR study, and be accountable for testing and maintaining the OT environment, including OT DR.
· Experience in developing and implementing incident response plans for OT systems. Establishing procedures to detect, respond to, and recover from security incidents, such as malware infections or unauthorized access.
· Experience deploying and managing security monitoring tools to continuously monitor the OT systems for any signs of malicious activities or anomalies. This includes analyzing security logs, network traffic, and system behavior to detect potential security breaches.
· Designing and Implementing OT Security Measures: Protect OT systems, networks, and devices design by implementing security measures. This includes analyzing security logs, network traffic, and system behavior to detect potential security breaches. Deploy and manage security monitoring tools to continuously monitor the OT systems for any signs of malicious activities or anomalies. This involves assessing the security risks, identifying vulnerabilities, and developing and implementing appropriate security controls.
· Vulnerability Management: Performing regular vulnerability assessments and penetration testing to identify weaknesses in the OT systems. Working on remediation efforts to address any identified vulnerabilities and ensure that systems are patched and up to date.
· Security Policies and Standards: Development and enforcement of security policies and standards specific to the OT environment. This includes defining security baselines, access control policies, and security awareness training for personnel working with OT systems.
· Collaboration and Communication: Collaborating with cross-functional teams, such as IT teams, operations teams, and management, to ensure effective communication and coordination of cybersecurity initiatives. Providing guidance and recommendations to Client stakeholders on cybersecurity best practices.
· Compliance and Regulations: Ensuring compliance, such as NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) NIST 800-53. (Security and privacy control information)
· Enhanced Incident Response and Recovery: Lead the incident response efforts in a cybersecurity incident or breach. Effectively investigate incidents, mitigate damages, and implement remediation measures to restore operations promptly. Collaborate with incident response teams and law enforcement (as needed) to reduce the impact of the incidents.
· Protection of Intellectual Property and Sensitive Data: Responsible for safeguarding OT valuable information from theft, sabotage, or unauthorized access, preserving the organization's competitive advantage, and protecting its assets.
· Degree in Computer Science, Computer/Electrical Engineering, Information Technology, or other technical field
· 5-10 years of OT/IT experience
· Knowledge of and experience in security processes and organizational design.
· Experience with network analysis and penetration testing tools such as BackTrack, Metasploit, Rapid 7 Nexpose, NMAP, and/or Wireshark.
· Strong understanding of SCADA operation work relating to Critical Infrastructure (Water, Transportation, Power, Energy, Oil, and Gas)
· Strong interest in the field of cybersecurity in industrial control systems and the Internet of Things
· Knowledge of penetration testing, programming, networks, and operating system
One or more of the following Professional Certifications:
· Cisco Certified Network Associate (CCNA, CCDA)
· Response and Industrial Defense (GRID)
· Certified Penetration Tester (GPEN)
· Security Leadership Certification (GSLC)
· Certified Information Systems Auditor (CISA)
· Certified Information Systems Security Professional (CISSP)
If you believe you are qualified for this position and are currently in the job market or interested in making a change, please email me the resume along with contact details on email@example.com or give me a call at 201-484-0331.