Industrial Automation and Control System Cybersecurity Engineer

About the Job:We are seeking a highly skilled IACS/OT Cybersecurity Consultant to join our growing team. This candidate will play a crucial role in our mission by providing expert advisory and technical support to help clients design, implement, and maintain robust cybersecurity solutions for Industrial Automation and Control Systems (IACS) and Operational Technology (OT) environments. This role is vital, involving conducting risk assessments, designing secure network architectures, and implementing strategies to ensure the security, safety, and operational continuity of critical industrial processes.

What You’ll Do:

• Conduct cybersecurity risk and vulnerability assessments for IACS/OT environments, including SCADA, DCS, and IIoT systems, ensuring compliance with industry standards (e.g., IEC 62443, ISA-TR84.00.09, NIST SP 800-82).
• Design, implement, and maintain cybersecurity controls and solutions (e.g., firewalls, network segmentation, anti-virus, and application whitelisting) tailored to industrial control systems.
• Develop and execute incident response plans, disaster recovery strategies, and post-event analysis to ensure quick and efficient recovery from cybersecurity breaches.
• Recommend and implement secure OT network designs and protocols, such as zones and conduits, for optimal data transfer, security, and operational efficiency.
• Provide consulting services to clients, enhancing cybersecurity maturity, developing cybersecurity frameworks, and ensuring the secure deployment of IACS/OT systems.
• Ensure all cybersecurity measures meet industry regulations, including NIST, IEC 62443, NERC CIP, and other relevant standards.
• Develop and deliver cybersecurity awareness and training programs tailored to IACS/OT environments, ensuring clients’ personnel understand best practices and risk mitigation strategies.
• Prepare technical and non-technical documentation, including risk assessments, mitigation plans, and cybersecurity policy recommendations for various stakeholders.
• Lead and collaborate with cross-functional teams, helping clients implement cybersecurity best practices while driving team efforts toward project success.

Business Development and Marketing Support:

• Collaborate with the business development team to identify and pursue new ICS/OT cybersecurity opportunities.
• Assist in preparing and delivering client proposals, presentations, and marketing materials that align with our service offerings and industry trends.
• Participate in industry events, conferences, and webinars to promote the company’s expertise and expand its professional network.
• Contribute to developing case studies, white papers, and thought leadership content on ICS/OT cybersecurity topics.
• Support sales efforts by providing technical expertise and assisting with client scoping meetings and discussions.
• Develop and maintain strong client relationships to ensure repeat business and referral opportunities.

Job Requirements:

• Bachelor's or Master's degree in Automation, Electronics, Computer Science (IT), or related fields, or equivalent experience in IT/OT cybersecurity.
• 5+ years in IACS/OT cybersecurity, IT/OT cybersecurity, preferably in the chemical/process industry or consulting.
• Demonstrated success within a cybersecurity consultancy context, with proven ability to attract, acquire, and develop client relationships.
• Proficient in designing, commissioning, and maintaining IACS systems such as SCADA, EMS, DCS, RTU, BPCS, and PLCs, and in troubleshooting industrial protocols like OPC, Modbus TCP, and HART and industrial wireless protocols.
• In-depth knowledge of OT and IT cybersecurity standards such as IEC 62443/ISA 99, NIST SP 800-82, NERC CIP, NIST CSF, and the ISO 27000-series.
• Familiarity with sensor technologies and characteristics, Safety Instrumented System (SIS) model validation calculations, including SIL, reliability, and availability assessments.
• Familiarity with Functional Safety principles and standards, including IEC 61511, Safety Requirement Specification (SRS), and Safety Instrumented System (SIS) model validation calculations, including SIL, reliability, and availability assessments.
• Experience in the conceptual and detailed design of control and information systems, including developing Cybersecurity Requirements Specifications (CRS) and client work packages.
• Knowledgeable in defining system architecture layouts, zones, conduits, flow models, and vulnerability analysis to reduce cybersecurity risks in IACS environments.
• Capable of recommending communication media, network architecture, protocols, and designing efficient data transfer methodologies to ensure IACS reliability and security.
• Able to provide IACS/OT security consulting services and implement security strategies to mitigate cybersecurity risks and optimize system performance.
• Experienced in IACS/OT cyber-incident response planning, countermeasures, post-event recovery, and CRS documentation.
• Strong written and verbal communication skills, able to produce technical and non-technical documents for diverse audiences.
• Ability/willingness for travel (on average 25-50%) within the US, with occasional international travel for client work and conferences. Valid driver's license required.

Preferred Qualifications:

• Familiarity with Process Safety Management principles, including risk assessment methodologies such as PHA, HAZOP, and QRA.
• Experience in OT/IACS cybersecurity within manufacturing, oil and gas, utilities, hydrogen production, or transportation industries.
• Hands-on experience with incident response and cybersecurity audits in industrial environments.
• Understanding the unique requirements and constraints of IACS/OT environments compared to traditional IT systems.
• Involvement in technical committees like ISA and groups like InfraGard is desirable.
• Holding cybersecurity certifications (e.g., CSSA, CACE, CISSP) is an asset.