Industrial Cybersecurity Consultant (NIST RMF) - & Co. (Honolulu)
Company: Burns & McDonnell
Location: Honolulu
Posted on: May 8, 2024
Job Description:
1898 & Co. is a business, technology, and security solutions
consultancy where experience and foresight come together to unlock
lasting advancements. We innovate today to fuel our clients' future
growth, catalyzing insights that drive smarter decisions, improve
performance, and maximize value. As part of Burns & McDonnell, we
draw on more than 120 years of deep and broad experience in complex
industries as we envision and enable the future for our
clients.
The Industrial Cybersecurity Consultant will be a treasured member
of the 1898 & Co. Security & Risk Consulting practice. The 1898 &
Co. Security & Risk Consulting practice is a premier OT/ICS/SCADA
cybersecurity consulting practice whose mission is to serve
humanity by improving the safety, security, and reliability of the
world's critical infrastructure - improving risk management through
resiliency, situational awareness, and preparedness. The Industrial
Cybersecurity Consultant will independently
execute significant portions of projects addressing the security of
Operational Technology (OT) systems consisting of Industrial
Control Systems (ICS), Supervisory Control and Data Acquisition
(SCADA), Programmable Logic Controllers (PLC), Discrete Process
Control (DPC) systems, etc.
The Industrial Cybersecurity Consultant supports the execution of
projects consisting of a variety of assessments (e.g.,
GAP/Maturity, Vulnerability, Risk, Threat, Firewall, etc.); secure
architecture, design, and implementation of OT networks, solution
implementation, and operations, respond and recover related
services (incident response planning, disaster recovery planning,
business continuity planning). The Industrial Cybersecurity
Consultant will support cybersecurity programs at client sites
across North America utilizing NERC CIP and the National Institute
of Standards and Technology (NIST) Cybersecurity Framework (CSF),
NIST Risk Management Framework (RMF), NIST 800-53, NIST SP800-82,
NIST 800-30, DFARS, CMMC, and other key industry best practices and
standards.
Job Duties:
Execute the planning, design, development, and implementation of
technical controls, procedures, and policies associated with
cybersecurity compliance and/or regulatory standards.
Maintain the highest level of integrity, protecting the
confidentiality and security of all clients and project
information.
Identify and diagnose operational issues and implement design
alterations to address these issues.
Conduct vulnerability assessments of OT networks for cybersecurity,
risk management, and/or compliance purposes.
Perform detailed, post-event analysis of unusual events, and direct
needed procedure or process changes in response.
Pursue, obtain, and maintain industry-recognized certifications
related to cybersecurity such as ethical hacking, penetration
testing, network engineering, Industrial Control System (ICS),
Supervisory Control and Data Acquisition (SCADA), risk management,
and others, as necessary.
Resolve technical issues, analyze implications to the client's
business, and be able to communicate them with applicable
stakeholders within the business.
Develop policies & procedures for secure process control network
design, technical and design recommendations for implementing
firewalls, unidirectional gateways, zero trust design, and other
network security controls.
Compile technical documentation of network traffic as well as
firewall services/solutions, including explanations and
diagrams.
Work collaboratively with other groups and divisions inside of 1898
& Co. and Burns & McDonnell.
All other duties as assigned.
Qualifications
Bachelor's degree in a technical field (e.g., Cybersecurity,
Industrial Cybersecurity, Industrial Cyber Engineering,
Cyber-Physical System Security, Computer Science or Information
Systems, Computer Engineering, Electrical Engineering, or another
related technical field with appropriate experience).
Minimum 8 years of experience in industrial cybersecurity.
Additional applicable years of experience may be considered in lieu
of degree requirements.
Knowledge and experience with NERC CIP, NIST Risk Management
Framework; NIST 800-53; DFARS; NIST Cybersecurity Framework; NIST
SP800-82; CMMC required.
Advanced knowledge of security principles and firm knowledge of
cybersecurity technologies, as well as industry-recognized
certifications.
Experience with security engineering principles, various
cybersecurity assessment methodologies, security control
implementation, and validation, and system life-cycle
practices.
Experience in the capabilities and/or configuration of
cybersecurity controls, specifically those relating to firewalls,
identity, and access control, zero-trust security, authentication
and authorization, anti-virus/anti-malware, patch management,
network, and system hardening, SIEM implementation, and/or tuning,
and logging.
Advanced knowledge of networks and control systems utilized by
Federal, Military, Defense, etc., is preferred.
Strong written and oral communication skills.
Strong analytical and critical thinking skills.
Ability to operate under pressure and under tight deadlines, to
operate onsite within industrial, corporate, and government work
settings.
Demonstrate an understanding of business principles and operational
security practices specific to engineering and/or security
consulting.
Knowledge and/or experience with legacy and modern computer
networking and telecommunications.
Experience with physical cabling for network communications and
control system input/output.
Strong technical writing skills.
Ability to develop and maintain strong relationships with
clients.
Ability to present complex technical issues and their impact in an
easy-to-understand manner.
Knowledge and experience with corporate policies and procedures.
Travel for site work is estimated to average 15-20% annually.
The Ideal Candidate will also have the following preferred
skills:
Soft skills -
Tenacious Problem solving
Unselfish collaborator
Intellectual curiosity
Dedicated to continuous improvement.
Grit
Consulting background
DoD and/or DoE Security clearances
Relevant industry certifications such as CISSP, CISM, CISA, CEH,
GICSP, etc.
Bonus points for - ITIL certification, Prosci, or similar people
change management certification.
Knowledge or experience with -
OT asset inventory w/ change detection solutions
Vulnerability Management solutions
Identity and Access Control solutions
Zero Trust Security solutions
OT network & communications monitoring solutions
Security, Orchestration, Automation & Response (SOAR) solutions
Knowledge of the Purdue model for zones/segmentation
Certified Ethical Hacker (CEH) certification with previous
experience performing OT-relevant Pen Testing, Threat Hunting, or
similar activities.
Demonstrable name recognition in the OT / ICS / SCADA
cybersecurity industry
EEO/Minorities/Females/Disabled/Veterans
Job Consulting
Primary Location US-HI-Honolulu
Schedule: Full-time
Travel: Yes, 15 % of the Time
Burns & McDonnell is an Equal Opportunity Employer
Minorities/Females/Disabled/Veterans
Req ID: 240543
Job Hire Type: Experienced