Industrial Cybersecurity Analyst - 1898 & Co. (Washington DC) at Burns & McDonnell

The Industrial Cybersecurity Analyst will assist with projects addressing Information Technology (IT) and Industrial Control System security. The 1898 & Co. Security & Risk Consulting practice is a premier OT/ICS/SCADA cybersecurity consulting practice whose mission is to serve humanity by improving the safety, security, and reliability of the world’s critical infrastructure – improving risk management through resiliency, situational awareness, and preparedness. The Industrial Cybersecurity Analyst supports the execution of projects consisting of network penetration testing, web application security testing, cybersecurity vulnerability assessments, secure system design and integration, and/or development of cybersecurity programs at client sites in a wide variety of industries utilizing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), and other industry or data-specific compliance frameworks and regulations.

• Assist with the planning, design, development, and implementation of technical controls, procedures, and policy associated with adherence to cybersecurity compliance and/or regulatory standards.
• Maintain the highest level of integrity, protecting the confidentiality and security of client and project information.
• Assist with policies and procedures, secure process control network design, and technical recommendations for implementing firewalls and other network security and compliance controls.
• Assist with the documentation and development of technical artifacts including control listings, dataflow diagrams, and plans of action and milestones (POA&Ms).
• Assist with technical documentation of network traffic as well as firewall services and solutions, including explanations and diagrams.
• Assist in hands-on implementation and hardening of OT/IT systems, including servers, workstations, switches, and Programmable Logic Controllers (PLCs).
• Assist with operational issues and implement design alterations to address these issues.
• Assist in penetration testing and vulnerability assessments of IT and Operational Technology (OT) networks for both compliance and security purposes.
• Assist with post-event analysis of unusual events and assist with directing needed changes to procedures or processes in response.
• Assist in technical issues, identify implications to the business, and be able to communicate any impacts with other operational departments within the business.
• Assist with uploading cybersecurity artifacts into government systems (e.g., eMASS) in support of accreditation packages.
• Assist in the support of engagements with federal clients as part of Risk Management Framework (RMF) compliance efforts.
• Assist with the development of cybersecurity strategies and secure system architecture designs within industrial and critical infrastructure environments.
• Pursue, obtain, and maintain industry-recognized IT certifications related to cybersecurity such as ethical hacking, network engineering, Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), risk management, and others as necessary.
• Maintain knowledge of the cybersecurity capabilities of operating systems, networking devices, control systems, and vendor offerings.
• Attend industry-specific technical conferences.
• Actively participate in a qualitative and quantitative problem-solving environment.
• Collaborate with other groups and divisions inside Burns & McDonnell to provide cybersecurity services.
• Perform other duties as assigned.
• Comply with all policies and standards.

%3Cul style=%22-webkit-text-stroke-width:0px;background-color:rgb(255, 255, 255);color:rgb(0, 0, 0);font-family:%26quot;Open Sans%26quot;, %26quot;Segoe UI%26quot;, Frutiger, %26quot;Frutiger Linotype%26quot;, %26quot;Dejavu Sans%26quot;, %26quot;Helvetica Neue%26quot;, Arial, sans-serif;font-size:13.02px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;letter-spacing:normal;margin:12px 0px;orphans:2;padding:0px 0px 0px 20px;text-align:start;text-decoration-color:initial;text-decoration-style:initial;text-decoration-thickness:initial;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;%22%3E%3Cli style=%22line-height:1.25;%22%3EBachelor’s Degree in Cybersecurity, Computer Science, Computer Engineering, Electrical Engineering, or a related technical field required.%26nbsp;%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EApplicable years of experience may be considered in lieu of degree requirement required.%26nbsp;%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EInternship experience preferred.%26nbsp;%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EBasic understanding of cybersecurity principles and general knowledge of cybersecurity technologies, as well as industry-recognized certifications.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EGeneral knowledge of cybersecurity vulnerability assessments, penetration tests, and the tools/techniques involved in both.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EGeneral knowledge of the capabilities and/or configuration of cybersecurity controls, specifically those relating to firewalls, access control, authentication, anti-virus/anti-malware, patching, and logging.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EMaintain a basic knowledge of current and emerging state-of-the-art computer and network systems technologies, architectures, and products.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EMaintain a working knowledge of applicable cybersecurity standards involving control systems, including those relating to process networks.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EGeneral knowledge of control systems utilized by utilities, manufacturing, oil and gas, transportation, smart buildings, and cities.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EEffective written and oral communication skills.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EStrong analytical and critical thinking skills.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAbility to operate under pressure and under tight deadlines, and to operate in on-site industrial, corporate, and government work environments.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EDemonstrated capability to make sound decisions based on good security practices and principles.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EDemonstrate an understanding of business principles and operational security practices specific to engineering and/or security consulting.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EKnowledge of modern and legacy computer networking and telecommunications.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EKnowledge of physical cabling for network communications and control system Input/Output.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAbility to obtain and maintain access to current and future client sites, including ability to obtain and maintain applicable U.S. security clearances.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EMinimum of a 3.0 GPA strongly preferred.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EInvolvement on campus or in the community preferred.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EMinimum one year of experience with NIST RMF activities, including artifact generation and vulnerability assessments preferred.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EExperience with security engineering principles, various assessment methodologies, and system life-cycle practices preferred.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAbility to develop and maintain strong client relationships and present complex technical issues in a simplified manner preferred.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EKnowledge and experience with NIST Risk Management Framework; NIST 800-53; DFARS; NIST Cybersecurity Framework; NIST SP800-82; CMMC preferred.%3Co:p%3E%3C/o:p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3ETravel for site work may be required; estimated average of 0–10% annually preferred%3C/li%3E%3Cli style=%22line-height:1.25;%22%3ECandidates must be legally authorized to work permanently (i.e., without time limitations, restrictions, or the need for work sponsorship) in the country where this position is located..%3C/li%3E%3C/ul%3E%3Cp%3EEEO/Disabled/Veterans%3C/p%3E
*! Apply Now