Industrial Cybersecurity Specialist

at Black & Veatch in Wilmington, Delaware, United States

Industrial Cybersecurity Specialist

Date: Apr 15, 2024

Location:

US

Company: Black & Veatch Family of Companies

Together, we own our company, our future, and our shared success.

As an employee-owned company, our people are Black & Veatch. We put them at the center of everything we do and empower them to grow, explore new possibilities and use their diverse talents and perspectives to solve humanity’s biggest challenges in an ever-evolving world. With over 100 years of innovation in sustainable infrastructure and our expertise in engineering, procurement, consulting and construction, together we are building a world of difference.

Company : Black & Veatch Corporation

Req Id : 103219

Opportunity Type : Staff

Relocation eligible : No

Full time/Part time : Full-Time

Project Only Hire : No

Visa Sponsorship Available: Yes

Why Black and Veatch

Recognized by Glassdoor as a 2023 Top 100 place to work and winner of the Newsweek’s 2023 America’s Greatest Workplaces for Diversity, Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation; 401K match and benefits that start day 1. Our hybrid environment allows you to balance your work and personal life.

At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use.

The Opportunity

The Industrial Cybersecurity Specialist provides both technical consulting and implementation services for critical infrastructure clients. The Industrial Cybersecurity Specialist leverages their technical and industry knowledge of OT networks and industrial cybersecurity to contribute to the completion of multiple engagement phases. In this role, you will assess clients’ security posture, develop recommendations to enhance their programs and technologies, and implement recommendations outlined in master plans. This is a hands-on role, blending technical capabilities with analysis and customer guidance.

The role requires a wide range of duties, including onsite assessments, customer relationship management, compliance and standards reviews, security architecture analyses, plan development, and technology implementation and integration. The role also involves running effective customer meetings and risk management workshops, as well as the ability to write a customer maturity analysis.

You will need to demonstrate capabilities with a moderate level of oversight and collaboration with more senior level professionals. The ICS might lead a small to medium size effort or project team and you will manage projects from prospect to client deliverable.

Key Responsibilities

+ Technical Consulting and Implementation Capabilities:

+ Assesses people, process, and technical dimensions of client cybersecurity posture

+ Develops and writes master plans that combine analyses, reviews, and recommendations of client industrial cyber programs, technologies, and networks

+ Leads workshops, data collection, tabletop exercises and client interviews

+ Conducts asset and vulnerability scanning of customer networks, including the installation of scanning and monitoring technologies

+ Performs walk-downs of client sites to assess cyber and physical security postures

+ Applies industrial cybersecurity standards and regulatory requirements (e.g., NERC CIP , NIST , IE62443) to customer programs

+ Performs technical (e.g., segmentation, hardening, technology integration) and programmatic (e.g., policies, response plans) implementation of master plans and recommendations

+ Contributes to quality review on own engagements

+ Develops applicable knowledge bases by using best practices to redefine tools and techniques. Outlines specific performance measures, targets, and goals to articulate the business case for realized efficiencies or added value

+ Challenges client’s current strategy and direction through persuasive argument. Defines competitive advantage and achievable value to the client through use of the strategic change components and metrics. Formulates issue-based hypotheses and develops analytical plan for testing. Contributes to analysis of impact of strategic changes by defining linkages and interdependencies.

+ Develops, presents, and defends conclusions, recommendations, and implementation plans

+ Identifies technical issues impacting an engagement and proposes solutions

+ Analyzes and applies best practices knowledge of the industry

+ Project Management Capability (where applicable):

+ Manages client expectations within defined scope of engagement

+ Recommends appropriate resources based on the phases of an assignment

+ Delegates work to assigned team members

+ Uses defined processes and practices in assessing engagement risks

+ Manages engagement issues in less complex projects or escalates issues in more complex projects

Management Responsibilities

Individual Contributor

Acts as a project manager. Among responsibilities is management of a project team. The individual comprising this team may vary by project.

Minimum Qualifications

+ Bachelor’s Degree or relevant work experience

+ 7+ years experience in a business/consulting environment

+ All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Preferred Qualifications

+ Experience applying common OT standards and regulations (e.g., NIST , IE6433, CMMC , NERC CIP )

+ Experience at customer sites

+ Proven experience with OT penetration testing and/or red teaming

+ Experience with OT Security-by-design and/or new OT in construction

+ Proven ability to install monitoring technologies (e.g., Nozomi, Dragos, Tenable, Claroty)

+ Experience scoping technical projects

+ Proven ability to assess security architectures of OT networks

+ Direct experience in planning and facilitating risk workshops, table-top exercises, and other client-facing work sessions

+ Experience conducting maturity and technical assessments

+ Strong written and verbal skills

Certifications

Other relevant cybersecurity certifications preferred (e.g., Nozomi, Fortinet, Dragos, Tenable) – preferred

Work Environment/Physical Demands

B&V Office Environment and Client Site

Competencies

Action oriented

Customer focus

Business insight

Interpersonal savvy

Salary Plan

CST : Consulting

Job Grade

004

Black & Veatch endeavors to makeaccessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process because of a disability, please contact the Employee Relations Department at or via our. This contact information is for disability accommodation requests only; you may not use this contact information to inquire about the status of applications. General inquiries about the status of applications will not be returned.

Black & Veatch is committed to being an employer of choice by creating a valuable work experience that keeps our people engaged, productive, safe and healthy.

Our comprehensive benefits portfolio is a key component of this commitment and offers an array of health care benefits including but not limited to medical, dental and vision insurances along with disability and a robust wellness program.

To support a heal