About the position
Under general supervision, demonstrated ability to independently perform complex security analysis of classified and unclassified applications, systems and enclaves for compliance with security requirements. Performs ICS (Industrial Control System)/SCADA (Supervisory Control and Data Acquisition) IT (Information Technology) & OT (Operational Technology) cybersecurity vulnerability evaluations. Uses a variety of security techniques, technologies, and tools to evaluate security posture in highly complex computer systems and networks. Ability to perform vulnerability and risk analysis as well as participating in a variety of computer security penetration studies. Analyzes and defines security requirements for ICS & SCADA computer and networking systems, to include mainframes, workstations, and personal computers. Recommends solutions to meet security requirements. Gathers and organizes technical information about an organization's mission goals and needs as well as makes recommendations to improve existing security posture. Demonstrated understanding of ICS/SCADA IT & OT Protocols and Network Interfaces. Competent to work on most phases of information systems auditing. Demonstrated understanding of ICS/SCADA Cyber protections and assessments.
Responsibilities
- Perform complex security analysis of classified and unclassified applications, systems, and enclaves.
- Conduct ICS/SCADA IT & OT cybersecurity vulnerability evaluations.
- Evaluate security posture in complex computer systems and networks using various security techniques and tools.
- Perform vulnerability and risk analysis.
- Participate in computer security penetration studies.
- Analyze and define security requirements for ICS & SCADA systems.
- Recommend solutions to meet security requirements.
- Gather and organize technical information about organizational goals and needs.
- Make recommendations to improve existing security posture.
- Work on phases of information systems auditing.
Requirements
- 3-7 years of experience in OT and IT.
- Experience in OT design, construction, implementation, installation, programming, Factory Acceptance Test (FAT), Site Acceptance Test (SAT), and/or Operations and Maintenance of ICSs.
- Experience in electrical, mechanical, security, and fire alarm systems.
- Cybersecurity defense experience in IT and OT systems.
- Knowledge of IT and OT protocols.
- Experience in IT design, construction, implementation, installation, programming, FAT, SAT, and/or Operations and Maintenance of IT systems.
- Knowledge in IT and OT configuration management, system management, endpoint defense, log management, updates and patching, encryption techniques and procedures, SOPs, security policies, password management, contingency and continuity planning policies, risk assessment, auditing, incident response, and mitigation techniques.
- Cyber analysis experience of IT and OT systems.
- Knowledge of NIST SP 800-53, Revision 4 and NIST SP 800-82, Revision 2.
Nice-to-haves
- Hands-on experience programming ICS vendor Human Machine Interface (HMI) equipment and/or Programmable Logic Controllers (PLCs) and/or Remote Terminal Units (RTUs).
- Knowledge in OT and IT system interaction.
- Hands-on experience loading Windows and Linux/Unix OS, installation of software and hardware on these systems, configuration and maintenance of hardware, software, network systems, and databases.
Benefits
- Training in ICS and SCADA.
- Security and Facilities Operation Center experience.
