We are information security veterans impassioned in the defense of Corporate America. We're trailblazers, breaking new ground with our unique approach focused on Active Adversary Pursuit and tailored cyber operations. root9B's executive team and advisory board members are the leaders in the areas of cyber security, national security, and risk mitigation. Together, this team guides our company with a combination of security expertise, organizational management, and global perspective that is unmatched in the industry. Manned Cyber Security - we know who's in your network.
root9B is an equal opportunities employer and VEVRAA Federal Contractor. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.
An ICS Security Engineer will have proven experience protecting industrial control systems (ICS) in critical infrastructure and key resource sectors such as electric power, oil & gas, water, chemical, and critical manufacturing. The ideal candidate will possess an understanding of ICS fundamentals, including distributed control system (DCS) and supervisory control & data acquisition (SCADA) architecture; understanding of ICS design considerations with emphasis on human safety and the availability/security of operating environment; knowledge of IT and OT security best practices and understanding of the differences; understanding of protocols common in ICS environments; preparation, review, and maintenance of documents, policies, and standards governing the security operations for ICS equipment and networks.
Perform security architecture reviews for root9B clients, including but not limited to:
- The ICS Security Engineer works with control system SMEs and operational staff to design, implement and support the security of ICS networked systems, which requires familiarity with security technologies such as firewall logs, IDS, endpoint security solutions, access control systems, and other related security technologies within ICS environment.
- Incident response and handling in an ICS environment investigating computer and network intrusions; remediation support; performing comprehensive computer surveillance/monitoring, identifying vulnerabilities; developing secure network designs and protection strategies, and audits of information security infrastructure. -Perform holistic security architecture reviews for both traditional IT environments, as well as for Industrial Control Systems (ICS) environments with IT/OT systems.
- Review client system security measures and overall security posture to provide recommendations for implementing enhancements.
- Design, implement and manage innovative solutions for complex security and ICS infrastructure environments
- Review and analyze client policy and procedures, provide verification of standards, and document any discrepancies.
- Assess client security effectiveness and provide recommendations for improvements.
- Develop or tailor risk models unique to R9B clients based on security control standards.
- Act as a liaison between operations and corporate IT security teams
- Write summary reports concluding client engagements and brief clients on your findings, ranging from technical experts to Executives.
- Relay findings in layman terms to enable prioritization of remediation actions, on-boarding new technologies, and informing budgeting cycles.
Job Posted by ApplicantPro
- 2-3 years of applicable experience with ICS security.
- A degree in Information Technology, Computer Science or related field is highly desirable.
- Experience in security of OT to IT and ICS networks.
- Solid understanding of security protocols, cryptography, authentication, and authorization.
- Current knowledge of current IT/OT risks and experience implementing security solutions.
- Have a solid understanding of National Institute of Standards and Technology (NIST) cybersecurity framework, the Information Systems Audit and Control Association (ISACA) framework, and the Center for Internet Security (CIS) Critical Security Controls.
- Experience with cloud-based (AWS) security architecture.
- Ability to interact with a broad cross-section of personnel to explain and enforce security measures.
- Excellent written and verbal communication skills as well as business acumen and a commercial outlook.
- Security Qualifications/Certificates:
- GICSP, GRID, GCIH, or other industry relevant certifications Other
- Desirable Certifications:
- Other desirable qualifications
- Experience in a professional services organization handling and interacting with clients.
- Experience presenting findings and recommendations to C-level executives.
- Strong leadership skills, including experience managing a team or individuals.
- Experience with leading complicated engagements including scoping, interfacing with the client, and have executed in a technical capacity.
Posting ID: 563435640Posted: 2021-01-22