Industrial CyberSecurity Consultant - 1898 & Co.

Description

1898 & Co. is a business, technology, and security solutions consultancy where experience and foresight come together to unlock lasting advancements. We innovate today to fuel our clients’ future growth, catalyzing insights that drive more intelligent decisions, improve performance, and maximize value. As part of Burns & McDonnell, we draw on more than 120 years of deep and broad experience in complex industries as we envision and enable the future for our clients.

The Industrial Cybersecurity Consultant will be a treasured member of the 1898 & Co. Security & Risk Consulting practice. The 1898 & Co. Security & Risk Consulting practice is a premier OT/ICS/SCADA cybersecurity consulting practice whose mission is to serve humanity by improving the safety, security, and reliability of the world’s critical infrastructure – improving risk management through resiliency, situational awareness, and preparedness. The Industrial Cybersecurity Consultant will be committed to independently execute significant portions of projects addressing the security of Operational Technology (OT) systems consisting of Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controllers (PLC), Discrete Process Control (DPC) systems, etc. The Industrial Cybersecurity Consultant supports the execution of projects consisting of a variety of assessments (e.g., GAP/Maturity, Vulnerability, Risk, Threat, Firewall, etc.); secure architecture, design, and implementation of OT networks, solution implementation, and operations, respond and recover related services (incident response planning, disaster recovery planning, business continuity planning). The Industrial Cybersecurity Consultant will support cybersecurity programs at client sites across North America utilizing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), Unified Facilities Criteria, NIST 800-53, NIST SP800-82, NIST 800-30, DFARS, CMMC, and other key industry best practices and standards.

Job Duties

• Plan and Execute engagements with Federal Clients in support of the Risk Management Framework and obtaining Authority to Operate Facility-Related Control Systems.
• Generate cybersecurity artifacts in support of the ATO process (Control Listings, Dataflow Diagrams, Plans of Action and Milestones)
• Perform hands-on implementation of cybersecurity controls (hardening) of IT and OT systems to include Workstations, Servers and switches and Programmable Logic Controllers (PLCs).
• Proficient in eMASS or other Government databases in support of accreditation packages.
• Conduct vulnerability assessments of OT networks for cybersecurity, risk management, and/or compliance purposes.
• Execute the planning, design, development, and implementation of technical controls, procedures, and policies associated with cybersecurity compliance and/or regulatory standards.
• Maintain the highest level of integrity, protecting the confidentiality and security of all clients and project information.
• Identify and diagnose operational issues and implement design alterations to address these issues.
• Perform detailed, post-event analysis of unusual events, and direct needed procedure or process changes in response.
• Pursue, obtain, and maintain industry-recognized certifications related to cybersecurity such as ethical hacking, penetration testing, network engineering, Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), risk management, and others, as necessary.
• Resolve technical issues, analyze implications to the client’s business, and be able to communicate them with applicable stakeholders within the business.
• Develop policies & procedures for secure process control network design, technical and design recommendations for implementing firewalls, unidirectional gateways, zero trust design, and other network security controls.
• Work collaboratively with other groups and divisions inside of 1898 & Co. and Burns & McDonnell.
• All other duties as assigned.
  
  

Qualifications

• Bachelor's Degree in Cybersecurity, Computer Science, Computer Engineering, Electrical Engineering, or a related technical field and 3 years experience in cybersecurity. Additional applicable years of experience may be considered in lieu of the degree requirement.
• Advanced knowledge of security principles and a firm knowledge of cybersecurity technologies.
• Certified Information Systems Security Professional (CISSP) is preferred.
• Minimum 3 years of experience with NIST RMF activities associated with obtaining an ATO, including artifact generation, eMASS entry, vulnerability assessment and remediation. Preferable to have experience with Army, Navy, and Air Force ATO packages.
• Experience with security engineering principles, various cybersecurity assessment methodologies, security control implementation and validation, and system life-cycle practices.
• Experience with cybersecurity vulnerability assessments, penetration tests, and the tools/techniques involved in both.
• Experience in the capabilities and/or configuration of cybersecurity controls, specifically those relating to firewalls, access control, authentication, anti-virus/anti-malware, patching, and logging.
• Advanced knowledge of networks and control systems utilized by Federal, Military, Defense; etc., is preferred.
• Strong written and oral communication skills.
• Strong analytical and critical thinking skills.
• Ability to operate under pressure and under tight deadlines, to operate in on-site industrial, corporate, and government work.
• Demonstrate capability to make sound decisions based on good security practices and principles.
• Demonstrate an understanding of business principles and operational security practices specific to engineering and/or security consulting.
• Knowledge and/or experience with corporate policies and procedures.
• Strong technical writing skills.
• Knowledge and experience with modern and legacy computer networking and telecommunications.
• Experience with physical cabling for network communications and control system Input/Output.
• Ability to obtain and maintain access to current and future client sites, including obtaining and maintaining applicable U.S. security clearances.
  
  

The Ideal Candidate will also have the following preferred skills:

• Soft skills:
• Tenacious problem solving
• Unselfish collaborator
• Intellectual curiosity
• Dedicated to continuous improvement
• Grit
• Consulting background
• DoD and/or DoE Security clearances
• Relevant industry certifications such as –
• CISSP (Required), CISM, CISA, CEH, GICSP, etc.
• ITIL certification, Prosci, or similar people change management certification.
• Knowledge or experience with:
• RMF process with all branches of DoD
• OT asset inventory w/ change detection solutions
• Vulnerability Management solutions
• Identity and Access Control solutions
• OT network & communications monitoring solutions
• Knowledge of the Purdue model for zones/segmentation
• Demonstratable name recognition in the OT / ICS / SCADA cybersecurity industry
  
  

EE/Minorities/Females/Disabled/Veterans

Job Consulting

Primary Location US-MD-Baltimore

Schedule: Full-time

Travel: Yes, 25 % of the Time

About 1898 & Co. 1898 & Co. is a business, technology and security solutions consultancy where experience and foresight come together to unlock lasting advancements. We innovate today to fuel our clients’ future growth, catalyzing insights that drive smarter decisions, improve performance and maximize value. As part of Burns & McDonnell, we draw on more than 120 years of deep and broad experience in complex industries as we envision and enable the future for our clients.

Req ID: 250827

Job Hire Type Experienced #E98 N/A