Industrial Cybersecurity Analyst - 1898 & Co. (Washington DC)

Description

• Collaborate with other groups and divisions inside Burns & McDonnell to provide cybersecurity services.
• Comply with all policies and standards.
• Assist with technical documentation of network traffic as well as firewall services and solutions, including explanations and diagrams.
• Assist with post-event analysis of unusual events and assist with directing needed changes to procedures or processes in response.
• Maintain the highest level of integrity, protecting the confidentiality and security of client and project information.
• Assist with the planning, design, development, and implementation of technical controls, procedures, and policy associated with adherence to cybersecurity compliance and/or regulatory standards.
• Assist in technical issues, identify implications to the business, and be able to communicate any impacts with other operational departments within the business.
• Assist in hands-on implementation and hardening of OT/IT systems, including servers, workstations, switches, and Programmable Logic Controllers (PLCs).
• Maintain knowledge of the cybersecurity capabilities of operating systems, networking devices, control systems, and vendor offerings.
• Assist with the documentation and development of technical artifacts including control listings, dataflow diagrams, and plans of action and milestones (POA&Ms).
• Assist in penetration testing and vulnerability assessments of IT and Operational Technology (OT) networks for both compliance and security purposes.
• Maintain a working knowledge of applicable cybersecurity standards involving control systems, including those relating to process networks.
• Assist with policies and procedures, secure process control network design, and technical recommendations for implementing firewalls and other network security and compliance controls.
• Assist with operational issues and implement design alterations to address these issues.
• Assist in the support of engagements with federal clients as part of Risk Management Framework (RMF) compliance efforts.
• Assist with the development of cybersecurity strategies and secure system architecture designs within industrial and critical infrastructure environments.
• Pursue, obtain, and maintain industry-recognized IT certifications related to cybersecurity such as ethical hacking, network engineering, Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), risk management, and others as necessary.
• Attend industry-specific technical conferences.
• Assist with uploading cybersecurity artifacts into government systems (e.g., eMASS) in support of accreditation packages.
• Actively participate in a qualitative and quantitative problem-solving environment.

Requirements

• Demonstrated capability to make sound decisions based on good security practices and principles.
• Applicable years of experience may be considered in lieu of degree requirement required.
• Knowledge of physical cabling for network communications and control system Input/Output.
• Knowledge of modern and legacy computer networking and telecommunications.
• Maintain a basic knowledge of current and emerging state-of-the-art computer and network systems technologies, architectures, and products.
• Basic understanding of cybersecurity principles and general knowledge of cybersecurity technologies, as well as industry-recognized certifications.
• General knowledge of control systems utilized by utilities, manufacturing, oil and gas, transportation, smart buildings, and cities.
• Effective written and oral communication skills.
• Knowledge and experience with NIST Risk Management Framework; NIST 800-53; DFARS; NIST Cybersecurity Framework; NIST SP800-82; CMMC preferred.
• Minimum one year of experience with NIST RMF activities, including artifact generation and vulnerability assessments preferred.
• Minimum of a 3.0 GPA strongly preferred.
• Internship experience preferred.
• General knowledge of cybersecurity vulnerability assessments, penetration tests, and the tools/techniques involved in both.
• Bachelor’s Degree in Cybersecurity, Computer Science, Computer Engineering, Electrical Engineering, or a related technical field required.
• Ability to operate under pressure and under tight deadlines, and to operate in on-site industrial, corporate, and government work environments.
• General knowledge of the capabilities and/or configuration of cybersecurity controls, specifically those relating to firewalls, access control, authentication, anti-virus/anti-malware, patching, and logging.
• Strong analytical and critical thinking skills.
• Ability to develop and maintain strong client relationships and present complex technical issues in a simplified manner preferred.
• Demonstrate an understanding of business principles and operational security practices specific to engineering and/or security consulting.
• Travel for site work may be required; estimated average of 0–10% annually preferred
• Experience with security engineering principles, various assessment methodologies, and system life-cycle practices preferred.
• Candidates must be legally authorized to work permanently (i.e., without time limitations, restrictions, or the need for work sponsorship) in the country where this position is located..
• Ability to obtain and maintain access to current and future client sites, including ability to obtain and maintain applicable U.S. security clearances.

Benefits

Training + Development

Interview process

Visa Sponsorship

Security clearance