Industrial Automation and Control System Cybersecurity Engineer

About the Job:
We are seeking a highly skilled IACS/OT Cybersecurity Consultant to join our growing team. This candidate will play a crucial role in our mission by providing expert advisory and technical support to help clients design, implement, and maintain robust cybersecurity solutions for Industrial Automation and Control Systems (IACS) and Operational Technology (OT) environments. This role is vital, involving conducting risk assessments, designing secure network architectures, and implementing strategies to ensure the security, safety, and operational continuity of critical industrial processes.

What You’ll Do:

• Conduct cybersecurity risk and vulnerability assessments for IACS/OT environments, including SCADA, DCS, and IIoT systems, ensuring compliance with industry standards (e.g., IEC 62443, NIST SP 800-82).
• Design, implement, and maintain cybersecurity controls and solutions (e.g., firewalls, network segmentation, anti-virus, and application whitelisting) tailored to industrial control systems.
• Develop and execute incident response plans, disaster recovery strategies, and post-event analysis to ensure quick and efficient recovery from cybersecurity breaches.
• Recommend and implement secure OT network designs and protocols, such as zones and conduits, for optimal data transfer, security, and operational efficiency.
• Provide consulting services to clients, enhancing cybersecurity maturity, developing cybersecurity frameworks, and ensuring the secure deployment of IACS/OT systems.
• Ensure all cybersecurity measures meet industry regulations, including NIST, IEC 62443, NERC CIP, and other relevant standards.
• Develop and deliver cybersecurity awareness and training programs tailored to IACS/OT environments, ensuring clients’ personnel understand best practices and risk mitigation strategies.
• Prepare technical and non-technical documentation, including risk assessments, mitigation plans, and cybersecurity policy recommendations for various stakeholders.
• Lead and collaborate with cross-functional teams, helping clients implement cybersecurity best practices while driving team efforts toward project success.

Job Requirements:

• Bachelor's or Master's degree in Automation, Electronics, Computer Science (IT), or related fields, or equivalent experience in IT/OT cybersecurity.
• 5+ years in IACS/OT cybersecurity, IT/OT cybersecurity, preferably in the chemical/process industry or consulting.
• Demonstrated success within a cybersecurity consultancy context, with proven ability to attract, acquire, and develop client relationships.
• Proficient in designing, commissioning, and maintaining IACS systems such as SCADA, EMS, DCS, RTU, BPCS, and PLCs, and in troubleshooting industrial protocols like OPC, Modbus TCP, and HART.
• In-depth knowledge of cybersecurity standards such as IEC 62443/ISA 99, NIST SP 800-82, and NERC CIP.
• Familiar with sensor technologies and characteristics, Safety Instrumented System (SIS) model validation calculations, including SIL, reliability, and availability assessments.
• Experience in the conceptual and detailed design of control and information systems, including developing Cybersecurity Requirements Specifications (CRS) and client work packages.
• Knowledgeable in defining system architecture layouts, zones, conduits, flow models, and vulnerability analysis to reduce cybersecurity risks in IACS environments.
• Capable of recommending communication media, network architecture, protocols, and designing efficient data transfer methodologies to ensure IACS reliability and security.
• Able to provide IACS/OT security consulting services and implement security strategies to mitigate cybersecurity risks and optimize system performance.
• Experienced in IACS/OT cyber-incident response planning, countermeasures, post-event recovery, and CRS documentation.
• Strong written and verbal communication skills, able to produce technical and non-technical documents for diverse audiences. Holding cybersecurity certifications (e.g., CSSA, CACE, CISSP) is an asset.
• Ability/willingness for travel (on average 25-50%) within the US, with occasional international travel for client work and conferences. Valid driver's license required.

Preferred Qualifications:

• Experience in OT/ICS cybersecurity within manufacturing, oil and gas, utilities, hydrogen production, or transportation industries.
• Hands-on experience with incident response and cybersecurity audits in industrial environments.
• Understanding the unique requirements and constraints of IACS/OT environments compared to traditional IT systems.