Cybersecurity Principal Consultant - 1898 & Co. (North Carolina) presso Burns & McDonnell

1898 & Co. is a business, technology, and security solutions consultancy where experience and foresight come together to unlock lasting advancements. We innovate today to fuel our clients’ future growth, catalyzing insights that drive smarter decisions, improve performance, and maximize value. As part of Burns & McDonnell, we draw on more than 120 years of deep and broad experience in complex industries as we envision and enable the future for our clients.

This Principal Consultant will be a treasured member of the 1898 & Co. Security & Risk Consulting practice.  The 1898 & Co. Security & Risk Consulting practice is a premier OT/ICS/SCADA cybersecurity consulting practice whose mission is to serve humanity by improving the safety, security, and reliability of the world’s critical infrastructure – improving risk management through resiliency, situational awareness, and preparedness.  The Industrial Cybersecurity Consultant will be committed to will independently execute significant portions of projects addressing the security of Operational Technology (OT) systems consisting of Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controllers (PLC), Discrete Process Control (DPC) systems, etc. 

Industrial Cybersecurity Consultant supports the execution of projects consisting of a variety of assessments (e.g., GAP/Maturity, Vulnerability, Risk, Threat, Firewall, etc.); secure architecture, design, and implementation of OT networks, solution implementation, and operations, respond and recover related services (incident response planning, disaster recovery planning, business continuity planning).   The Industrial Cybersecurity Consultant will support cybersecurity programs at client sites across North America utilizing ISA/IEC 62443, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), and other key industry best practices and standards. 

Job Duties:

• Execute the planning, design, development, and implementation of technical controls, procedures, and policies associated with cybersecurity compliance and/or regulatory standards.
• Maintain the highest level of integrity, protecting the confidentiality and security of all clients and project information.
• Identify and diagnose operational issues and implement design alterations to address these issues.
• Conduct vulnerability assessments of OT networks for cybersecurity, risk management, and/or compliance purposes.
• Perform detailed, post-event analysis of unusual events, and direct needed procedure or process changes in response.
• Pursue, obtain, and maintain industry-recognized certifications related to cybersecurity such as ethical hacking, penetration testing, network engineering, Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), risk management, and others, as necessary.
• Resolve technical issues, analyze implications to the client’s business, and be able to communicate them with applicable stakeholders within the business.
• Develop policies & procedures for secure process control network design, technical and design recommendations for implementing firewalls, unidirectional gateways, zero trust design, and other network security controls.
• Compiles technical documentation of network traffic as well as firewalls services/solutions, including explanations and diagrams.  
• Work collaboratively with other groups and divisions inside of 1898 & Co. and Burns & McDonnell.
• All other duties as assigned.

%3Cul style=%22-webkit-text-stroke-width:0px;background-color:rgb(255, 255, 255);color:rgb(0, 0, 0);font-family:%26quot;Open Sans%26quot;, %26quot;Segoe UI%26quot;, Frutiger, %26quot;Frutiger Linotype%26quot;, %26quot;Dejavu Sans%26quot;, %26quot;Helvetica Neue%26quot;, Arial, sans-serif;font-size:13.02px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;letter-spacing:normal;margin:12px 0px;orphans:2;padding:0px 0px 0px 20px;text-align:start;text-decoration-color:initial;text-decoration-style:initial;text-decoration-thickness:initial;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;%22%3E%3Cli style=%22line-height:1.25;%22%3EBachelor%27s degree in a technical field, e.g., (Cybersecurity, Industrial Cybersecurity, Industrial Cyber Engineering, Cyber-Physical System Security, Computer Science or Information Systems, Computer Engineering, Electrical Engineering, or another related technical field with appropriate experience.%26nbsp;%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EMinimum 8 years of industrial cybersecurity experience.%26nbsp;%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAdditional applicable years of experience may be considered in place of degree requirements.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAdvanced knowledge of security principles and firm knowledge of cybersecurity technologies, as well as industry-recognized certifications.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EKnowledge and experience with ISA/IEC 62443, NIST Cybersecurity Framework (NIST CSF), and ideally NIST SP800-82 required.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EExperience with security engineering principles, various cybersecurity assessment methodologies, security control implementation, and validation, and system life-cycle practices.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EExperience in the capabilities and/or configuration of cybersecurity controls, specifically those relating to firewalls, identity, and access control, zero-trust security, authentication and authorization, anti-virus/anti-malware, patch management, network, and system hardening, SIEM implementation, and/or tuning, and logging.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EExperience working with development teams to determine application requirements.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAdvanced knowledge of control systems utilized by Oil, Gas, and Chemicals; Manufacturing; Utilities (Power and/or Water); Energy; Transportation; etc., is preferred.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EStrong written and oral communication skills.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EStrong analytical and critical thinking skills.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAbility to operate under pressure and under tight deadlines, to operate onsite within industrial, corporate, and government work settings.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EDemonstrate an understanding of business principles and operational security practices specific to engineering and/or security consulting.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EKnowledge and/or experience with legacy and modern computer networking and telecommunications.%26nbsp;%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EExperience with physical cabling for network communications and control system input/output.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EStrong technical writing skills%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAbility to develop and maintain strong relationships with clients.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAbility to present complex technical issues and their impact in an easy-to-understand manner.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EKnowledge and experience with corporate policies and procedures%3C/li%3E%3Cli style=%22line-height:1.25;%22%3ETravel for site work is estimated to average 25-50% annually.%3C/li%3E%3Cli%3E%3Cp style=%22-webkit-text-stroke-width:0px;background-color:rgb(255, 255, 255);color:rgb(0, 0, 0);font-family:Arial;font-size:13.02px;font-style:normal;font-variant-caps:normal;font-variant-ligatures:normal;font-weight:400;letter-spacing:normal;margin-bottom:12px;margin-right:0px;margin-top:0px;orphans:2;text-align:start;text-decoration-color:initial;text-decoration-style:initial;text-decoration-thickness:initial;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;%22%3EThe Ideal Candidate will also have the following preferred skills:%3C/p%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3ESoft skills –%3Cul style=%22list-style-type:circle;margin:0px;padding:0px 0px 0px 20px;%22%3E%3Cli style=%22line-height:1.25;%22%3ETenacious Problem solving%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EUnselfish collaborator%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EIntellectual curiosity%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EDedicated to continuous improvement.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EGrit%3C/li%3E%3C/ul%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EConsulting background%3C/li%3E%3Cli style=%22line-height:1.25;%22%3ERelevant industry certifications such as –%3Cul style=%22list-style-type:circle;margin:0px;padding:0px 0px 0px 20px;%22%3E%3Cli style=%22line-height:1.25;%22%3ECISSP, CISM, CISA, CEH, GICSP, etc.%3C/li%3E%3C/ul%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EBonus points for - ITIL certification, Prosci, or similar people change management certification.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EKnowledge or experience with –%3Cul style=%22list-style-type:circle;margin:0px;padding:0px 0px 0px 20px;%22%3E%3Cli style=%22line-height:1.25;%22%3EOT asset inventory w/ change detection solutions%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EVulnerability Management solutions%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EIdentity and Access Control solutions%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EZero Trust Security solutions%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EOT network %26amp; communications monitoring solutions%3C/li%3E%3Cli style=%22line-height:1.25;%22%3ESecurity, Orchestration, Automation %26amp; Response (SOAR) solutions%3C/li%3E%3C/ul%3E%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EKnowledge of the Purdue model for zones/segmentation%3C/li%3E%3Cli style=%22line-height:1.25;%22%3ETWIC, HUET, and/or BOSIET certifications%3C/li%3E%3Cli style=%22line-height:1.25;%22%3ECertified Ethical Hacker (CET) certification with previous experience performing OT-relevant Pen Testing, Threat Hunting, or similar activities.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EAbility to integrate multiple data sources into a single system.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EFamiliarity with code testing frameworks.%3C/li%3E%3Cli style=%22line-height:1.25;%22%3EDemonstratable name recognition in the OT / ICS / SCADA cybersecurity industry%3C/li%3E%3C/ul%3E%3Cp%3EEEO/Disabled/Veterans%26nbsp;%3C/p%3E
*! Candidarsi ora