28267 – ICS Security Engineer-Houston, TX
Job Type: Direct Hire
Status: Fulltime
Start Date: 08/21/2023
Hours: Day Job
Salary: 95000.00 USD – 130000.00 USD
***EDUCATION REQUIRED – BACHELOR'S DEGREE***
SCHEDULE: MONDAY-FRIDAY, 8:00AM TO 5:00PM – HYBRID SCHEDULE IS AVAILABLE – WORKING 3 DAYS IN OFFICE & 2 DAYS REMOTE
TRAVEL: UP TO 5% WITH MAYBE 1 INTERNATIONAL TRIP
NO RELOCATION OFFERED.
TOP SKILLS REQUIRED:
– INDUSTRIAL CONTROL SYSTEM KNOWLEDGE
– OT CYBERSECRUITY KNOWLEDGE
– PROFICIENT UNDERSTANDING OF NETWORKING DESIGN AND CONFIGURATIONS
– CYBERSECURITY STANDARDS KNOWLEDGE (IEC 62443, NIST FRAMEWORK)
– GOOD ANALYSIS SKILLS
HIRING PROCESS WILL INCLUDE 3 ROUNDS OF INTERVIEWS BEFORE AN OFFER IS EXTENDED:
– 1ST ROUND WILL BE A PHONE SCREEN
– 2ND WILL BE VIRTUAL PANEL INTERVIEW WITH TECHNICAL TEST
– 3RD WILL BE IN-PERSON
JOB SUMMARY: We are currently seeking a self-motivated ICS Security Engineer to join our team. The successful candidate will work directly with technical leaders across the digital products group in the selection, deployment, and validation of cybersecurity controls to reduce exposure and ensure security and compliance requirements are maintained. The position also entails analyzing our product groups' network designs and software implementations as specified for our customers’ requirements. This position will ensure that controls are relevant, properly documented, and maintained for associated products and services.
JOB RESPONSIBILITIES:
– Collaborate internally and externally with business organizations to create solutions meeting our customer needs while minimizing Cyber security risks.
– Guide technical leaders and business functions on OT network architecture, Compliance, and security-related matters.
– Develop, document, and execute cybersecurity execution plans and schedules.
– Triage and address security alerts reported by OT security systems
– Continually develop OT vulnerability and remediation capability to drive faster patching and mitigation cycles
– Evaluate and make recommendations to continuously improve the cybersecurity posture of digital products.
– Analyze network designs and software implementation
– Proactively identify risks and active threats to the OT systems, and applications
– Perform incident response tasks including evidence preservation, forensics, and malware/exploit analysis
– Participate in developing and implementing new products to ensure the design and functionality required to support security and compliance.
– Develop and maintain cyber security technical documentation and guidelines.
– Conduct OT security workshops and awareness training sessions as required.
– Perform other work-related tasks as assigned.
– Comply with all NOV Company and HSE policies and procedures.
QUALIFICATIONS:
– Bachelor’s degree in Information Security (IS) or Information Assurance (IA) or related field. Master's degree a plus.
– Security or OT-related certifications are strongly desired. CISSP, CISA, CISM, CRISC, and/or other information security-related certifications also a plus.
– 3 years of work experience in information security or compliance frameworks.
– Knowledge of design, deployment, and assessment of DCS/SCADA systems.
– Experience with PLCs (Allen Bradley, Siemens, Wago), Embedded Windows, Embedded Linux, and RTOS control systems.
– Experience with industrial network protocols such as Modbus, PROFINET, OPC, EtherCAT.
– Experience with Windows Servers, Linux/UNIX, enterprise anti-virus, endpoint security, application whitelisting technologies, SIEM, logging configurations, IDS/IPS, authentication methods, TCP/IP, packet capture, and analysis
– Familiar with OT/ICS cybersecurity relevant accreditation such as ISA/IEC 62443, NIST
– Familiar with IT-related ISO/IEC 27000, OWASP top 10, CSA, and DoD Risk Frameworks.
– Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
– Experience in organizing or leading the security and risk assessment will be preferred
– Demonstrated ability to apply IT-related knowledge and experience in product compliance issues.
– Ability to communicate effectively with various levels of technical expertise or non-expertise (written, verbal, presentation skills).
– Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.