Control Systems Security Specialist
Freedom
contract
Posted on:
Location Type: Remote
Location: United States
Visit company websiteExplore more
Tech Stack
About the role
- Complete a practitioner-level skills assessment used for validation and standard-setting purposes.
- Complete a short post-assessment survey providing feedback on the assessment experience.
Requirements
- The SME should be a current practitioner with applied, real-world experience related to the following knowledge areas and skills:
- Apply security policies to meet security objectives of control systems
- Apply updates, patches, and security technical implementation while maintaining control system performance and availability
- Establish and maintain security configuration baselines for control systems, including field devices, IT components, interconnections, and interfaces
- Implement Risk Management Framework (RMF) assessment requirements for control systems and document/maintain records
- Maintain knowledge of the function and security of control system and IT technologies
- Maintain network segmentation to isolate control systems from business networks and external connections
- Perform asset management and maintain inventory of control system devices and components
- Support risk assessments by reviewing and documenting security requirements implementation status
- Mitigate/correct security deficiencies identified during security/certification testing
- Act as a liaison between facility operations/engineer teams and IT/network security teams
- Consult on control system security matters (e.g., risk assessment, configuration management)
- Ensure configuration and collection of control system audit logs for monitoring and forensic analysis
- Knowledge of computer networking concepts, protocols, and network security methodologies
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of cybersecurity principles, cyber threats, and vulnerabilities
- Knowledge of national and international laws, regulations, policies, and ethics related to cybersecurity
- Knowledge of cloud computing service models (SaaS, IaaS, PaaS) and deployment models
- Knowledge of network access, identity, and access management (e.g., PKI)
- Knowledge of remote access technology concepts
- Knowledge of general SCADA system components
- Knowledge of control system technologies (PLCs, SCADA, DCS, OT)
- Knowledge of control system environment risks, threats, and vulnerabilities
- Knowledge of risk management processes specific to control systems
- Skill in applying security and managing risk in resource-constrained systems and networks
- Skill in architecting compensating security controls for control systems without adequate security capabilities
- Skill in securing control system communication protocols (e.g., IP/TCP, SSL/TLS, MODBUS/DNP3/PROFINET SCADA, GOOSE)
- Skill in determining installed patches on various operating systems and identifying patch signatures
- Knowledge of the Risk Management Framework Assessment Methodology
- Knowledge of embedded systems and operating system command line/prompt
- Skill in recognizing vulnerabilities in security systems
Benefits
- This is a flat-fee engagement, paid upon successful completion of the assessment and survey.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
security policiesrisk management framework (RMF)network segmentationasset managementcontrol system audit logsnetwork security methodologiescybersecurity principlescloud computing service modelscontrol system technologies (PLCs, SCADA, DCS, OT)security communication protocols (IP/TCP, SSL/TLS, MODBUS/DNP3/PROFINET SCADA)
Soft Skills
liaisonconsultationdocumentationfeedback provision