Fortress Information Security

Cybersecurity Specialist - Operational Technology (OT)

US-FL-Orlando
2 months ago(10/12/2017 3:21 PM)
Job ID
2017-1320
# of Openings
6
Category
Cyber Security
Type
Contract

Overview

Fortress Information Security, LLC is a cybersecurity and risk management company providing various products and services across several of the US declared 16 critical infrastructure sectors and their subsectors such as finance, health, electric, oil, gas, maritime, dams, water, wastewater, rail, aviation, automotive, chemical, nuclear, facilities/buildings (e.g. HVAC, Fire, CCTV etc) and others. Fortress provides third party risk monitoring and reporting services, Information Technology (IT) and Operational Technology (OT) cybersecurity monitoring, analysis, reporting, security engineering, security assessment, and other managed cybersecurity products and services. OT is also known as Industrial Control Systems (ICS), Industrial Internet of Things (IIoT), Internet of Things (IoT), Cyber-Physical Systems (CPS) and Industrial Automation and Control systems (IACS).

Responsibilities

The OT Cybersecurity Specialist will be responsible for collecting, compiling, and analyzing Cybersecurity data and writing reports regarding existing and potential cybersecurity vulnerabilities and possible impact to critical infrastructure sector customers globally. The OT Cybersecurity Specialist will also engage in onsite OT Engineering Assessments as well as support or engage in penetration testing operations focused on OT assets. The cybersecurity specialist will be expected to collaborate with various stakeholders on behalf of customers and Fortress to enable and lead customers in implementing recommended mitigations and cybersecurity controls. This work may include helping customers integrate Fortress products, with their existing products from other vendors and helping customers evolve their current IT and OT environments into more defensible postures.

  • Ability to conduct and tailor active and passive vulnerability scans for OT assets as well as capture and review OT protocol data flows for Cyber issues is necessary.
  • Ability to review, assess, improve and communicate the Cybersecurity posture of OT field devices, systems and control system networks including an understanding of serial networks, their operation, and possible Cybersecurity issues will be required.
  • Ability to combine IT and OT security technologies, controls, practices and mitigation recommendations from multiple sources to enable and lead customers in implementing cybersecurity for OT and integrated or connected IT assets. 
  • Developing realistic and actionable mitigation plans to resolve Cybersecurity vulnerabilities that will allow for the safe and efficient operation of the OT and implementation of Fortress products will be a regular duty of the cybersecurity specialist.
  • Familiarity with both IT and OT protocols, systems, terminology and architecture design and vulnerabilities will be expected to be known and continuously learned by the cybersecurity specialist.
  • Familiarity with Federal, State, Local and International Cybersecurity standards, policies, regulations, frameworks and best practices is desired and will become necessary to be truly successful at maintaining the Fortress brand of expert quality and speed we provide to our customers.
  • Familiarity, experience, desire and or ability to learn SCADA, DCS, PLC, RTU, SIS, IED, and other OT technologies is necessary

Qualifications

REQUIRED SKILLS /​QUALIFICATIONS

  • Desired degrees (minimum associates degree or equivalent cybersecurity or ICS/OT work experiences)
  • Desired certifications (minimum Security+ and or GICSP or ability to obtain within first 6 months on the job)
  • Cybersecurity related experiences, education and or certifications
  • Automation and Control Systems related experiences, education and or certifications/licenses
  • Ability to conduct and review vulnerability alerts and other data produced by various tools
  • Ability to capture and review network data flows and create network diagrams (especially important to have the ability to learn the function code, master-slave, publish-subscribe, polling and other unique behaviors, rules and traits of OT protocols)
  • Ability to implement Cybersecurity controls for ICS to include both technical (security configuration and testing) and non-technical (documentation writing) duties
  • Ability to assess, document and communicate Cybersecurity posture of ICS
  • Ability to work with geographically dispersed teams
  • Excellent command of English written and spoken language (additional language abilities welcomed and encouraged for international customer support onsite and remotely)
  • Knowledge of standard observation, measuring, and analysis techniques, and the ability to consolidate the findings of others, evaluate recommendations and facts
  • Knowledge of Cybersecurity and ICS standards, policies, regulations, frameworks, best practices, tools, issues, threats, vulnerabilities, risks, sectors and technologies

DESIRED SKILLS /​QUALIFICATIONS

  • Familiarity with industry standards, related regulations and policies
  • Experiences with various ICS vendors
  • Experience working with automation and control systems across the 16 critical infrastructure sectors
  • CISSP and or Security+
  • GICSP and or ISA/IEC 62443 Cybersecurity certificates
  • Desired degree (Bachelors or Masters degree)
  • Membership in or familiarity with ICS JWG, InfraGard, ISA, various sector ISACs
  • Ability and desire to grow, travel and work in a fast-paced tech startup.
  • Ability to lead future teams as Fortress continues to grow
  • Passionate family and team player serious about making a difference to improve public safety and security through important work to help critical infrastructure sector and subsector owners and operators improve and maintain the cybersecurity of their OT assets.
  • Requires knowledge of Cybersecurity practices and ability to tailor application to automation and control systems assets, buildings, software, hardware, systems, networks and organizational cultures.
  • Knowledge of Cybersecurity issues, threats, vulnerabilities and risks to the 16 US Critical Infrastructure Sectors and the major ICS/OT vendor products used.
  • Familiarity with Cybersecurity for water, wastewater, oil, gas, LNG, electric (including solar PV, hydropower etc), fuels, buildings, transportation (maritime, rail, aviation, auto), dams, chemical, nuclear, health and other sectors using embedded devices, automation and control systems.

Knowledge of at least one of the following:

  • NERC CIP and FERC regulations
  • ISA/IEC 62443 family
  • ISA 84S/IEC 61508
  • ISO/IEC 2700 family
  • NIST Risk Management Framework (RMF), FIPS 140-2, NIST SP 800-53 rev4 and NIST SP 800-82 rev2
  • UL CAP
  • DOE Cybersecurity Guidelines,
  • DHS ICS-CERT Cybersecurity recommendations and best practices
  • PCI DSS 3.x
  • FDA medical device cybersecurity guidelines
  • HIPAA and HITECH
  • CFATS
  • NRC Cybersecurity regulations
  • AGA 12
  • SANS ICS Cybersecurity best practices
  • CIS Critical Security Controls (formerly SANS top 20)
  • OWASP top 10
  • other cybersecurity and or ICS/OT standards, regulations, guidelines and best practices

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed