Performs security assessments and NERC-CIP assessments, develops security policies and practices, and carries out other customer-specific security tasks for operators of critical infrastructure automation systems.
Developing conceptual knowledge of professional discipline. May include support roles with specialized expertise or technical knowledge in broad area.
Applies general knowledge of business developed through education or past experience. Understands how work of own team contributes to the area.
Resolves issues using established procedures. Consults supervisor or more senior team members for issues outside of defined instructions / parameters.
Collaborates with others to solve issues. For customer facing roles, develops strong customer relationships and serves as the interface between customer and company.
Exchanges technical information, asks questions and checks for understanding.
Education Qualifications, Accreditation, Training:
Bachelor's degree in Information Technology or related field
Minimum 5-10 years of experience in the Cyber security field
Cybersecurity certification (e.g., CEH, CISA, CISM, CCSP, etc.)
Required Skillsets
Recent experience in a cyber-security client-facing position (Consulting, Integration, Solution Management, Security Architect) would be a plus
Reviewing security policies, plans, and procedures; assessing network monitoring capabilities; analyzing system logs, security events, and packet captures to identify security threats; and providing recommendations to comply with an applicable cybersecurity framework
Extensive experience in cybersecurity-related activities and controls
A broad range of experience in cyber security technology and vendors
Understanding of general cybersecurity frameworks (ISO IEC 27001 / 27002, ISO 15408, NIST Cybersecurity Framework (CSF), NIST SP800-53)
Thorough understanding of OWASP TOP 10 vulnerabilities and their mitigations
Knowledge of Open-Source Security Testing Methodology Manual (OSSTMM)
Working knowledge of industrial control systems (e.g., DCS, PLCs, SCADA, etc.)
Ability to perform vulnerability / penetration testing in IT / ICS / OT environments, and threat hunting
Experience as a Vulnerability Assessment and Penetration Testing (VAPT) researcher, performing VAPT on ICS systems and developing proofs of concept for submission to National Vulnerability Databases
Conduct Vulnerability Assessments of Network and Security Devices using various open source and commercial tools
Map out a network, discover ports and services running on the different exposed network and security devices
Conduct penetration tests and launch exploits using Nessus, Metasploit, and the BackTrack penetration testing distribution tool sets
Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.
Analyze scan reports and suggest remediation / mitigation plan
Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices
Advanced technical analysis on intrusions
Audit configuration of Network and Security devices
Good knowledge of Secure SDLC standards
Good knowledge of encryption technologies & MiTM attacks
Good understanding of the MITRE ATT&CK framework and how to leverage it.
Excellent spoken and written communication to explain your methods to a technical and non-technical audience
Attention to detail, to be able to plan and execute tests while considering client requirements
Teamwork skills, to support colleagues and share techniques
Exceptional analytical and problem-solving skills and the persistence to apply different techniques to get the job done
Business skills to understand the implications of any weaknesses you find
Commitment to continuously update your technical knowledge base
Vertical: Technology