OT Cybersecurity Engineer

OT Cybersecurity Engineer Location Ashburn, VA : À PROPOS DE VANTAGE DATA CENTERS Vantage s'engage à être un lieu de travail d'inclusion, d'équité, de respect et d'acceptation. Nous célébrons la diversité et cherchons intentionnellement des occasions d'apprendre des expériences de chacun. Vantage Data Centers alimente, refroidit, protège et connecte la technologie des plus grands joueurs hyperscale, des fournisseurs de solutions infonuagiques et des grandes entreprises. Présente dans six marchés en Amérique du Nord et six en Europe, Vantage innove dans la conception des centres de données pour offrir des gains spectaculaires en termes de fiabilité, d'efficacité et de durabilité ainsi que des environnements flexibles qui peuvent évoluer aussi vite que le marché l'exige. Vantage connaît une croissance exponentielle grâce à ses installations nouvelles jumelées à ses acquisitions à travers l'Amérique du Nord et l'Europe. Security Department The Vantage Global Security (VGS) Department for Vantage Data Centers is very hands on. In most cases, we specify, purchase, configure and maintain all networking and server hardware. We also work closely with partner Value Added Resellers (VARs) to learn about the latest technological changes so that we can make informed purchase decisions. We are always looking for ways to strike the best balance between technology, performance, and cost. Vantage Security Department also participates in designing each of our new data center building's security infrastructure. If you like getting your hands dirty and helping to design, build and maintain Security infrastructure in a modern data center, then come work at Vantage. We're expanding with many new builds! Position Description The ICS/OT (Industrial Control Systems/Operational Technology) Cybersecurity Analyst will be part of a team responsible for protecting a rapidly expanding global enterprise. The Cybersecurity Analyst will audit the Industrial Control System / Operational Technology (ICS/OT) environment and perform risk/vulnerability assessments leading to the development of an enterprise strategy/design plan. The Cybersecurity Analyst will lead implementation (hands-on configuration) of the enterprise ICS/OT systems Additional responsibilities include research, classification, and root cause analysis of security events that occur within the environment. The ideal candidate will have security industry knowledge that evolves with current and emerging vulnerabilities and threats, as well as an ongoing understanding of key business and technological processes. Essential Job Functions

• Utilize the tools to take inventory of the environment's hardware and software assets and assessing those assets for security vulnerabilities, obsolescence, and other risks.
• Work with the different departments to remediate and validate remediation of the vulnerabilities or identified issues
• Partner with other groups to review network architectures and determine if security best practices are being utilized.
• Work with vendors to ensure detailed diagrams, procedures, and plans are created and maintained for each deployment.
• Maintain and create documentation as needed
• Perform assessments against best practices and industry benchmarks
• Participate in the audit process
• Review enterprise controls to ensure the ICS/OT environment remains compliant and work with the Security team to track/remediate deficiencies.
• Partner with the Global Security Operations Center (GSOC) to ensure OT monitoring is conducted optimally.
• Represent the Cybersecurity team in meetings with the client's vendors and stakeholders.
• Maintain awareness of industry trends, threats, and tools used to support enterprise security.
• Perform other ad hoc duties to support the client's security goals.
Job Requirements
• Ability to come into the office at least once a week.
• Bachelor's degree in Cybersecurity, Computer Science, Engineering, or related focused technical training or 4 additional years of engineering experience that may have been acquired in the military or public sectors.
• 3 years of experience performing security assessments in an OT environment.
• Strong understanding of cybersecurity frameworks for ICS/OT environments
• Good understanding of OT network communication protocols and industrial networking topologies.
• Familiarity with NIST (National Institute of Standards and Technology) Special Publication 800-61 Revision 2, Computer Security Incident Handling Guide.
• Familiarity with NIST (National Institute of Standards and Technology) Special Publication 800-82
• Extensive knowledge of internet protocols, firewalls, proxies, and intrusion detection/prevention systems.
• Familiarity/Knowledge of the Perdue Enterprise Reference Architecture (PERA)
• Certifications for SANS (SysAdmin, Audit, Network and Security) GIAC (Global Information Assurance Certification) Global Industrial Cyber Security Professional (GICSP), GIAC Response and Industrial Defense (GRID), Critical Infrastructure Protection are preferable.
• Certified SCADA Security Architect (CSSA) preferable
• Understanding of MITRE ATT&CKS for ICS or NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Plan) frameworks
• Understanding of general cybersecurity frameworks (ISO IEC 27001/27002, ISO 15408, NIST Cybersecurity Framework (CSF), NIST SP800-53), and Guide to Industrial Control Systems (ICS) Security (NIST SP800-82)
• A solid understanding of industrial control systems (e.g., Distributed Control System (DCS), Programmable Logic Controller (PLCs), Supervisory Control and Data Acquisition (SCADA), etc.)
• Demonstrable understanding of project/program management techniques and methods
• Strong Microsoft Excel skills required
• Excellent written and verbal communication skills with transparent and timely communication
• Expected travel is less than 20% but may be higher during construction projects. May grow and evolve over time
• Provide 24/7 support. Ability to work a non-traditional schedule, including evenings, weekends, and holidays.
• Fluent in English (oral and written)
Preferred Requirements
• Security Certifications such as ISC2 Certified Information Systems Security Professional (CISSP), CompTIA Security+, CompTIA Network + or ISACA Certified Information Security Manager (CISM)
• ISA/IEC 62443 Cybersecurity Certificates preferable
• EC Council Certified Ethical Hacker (CEH), or Formal IT Security/Network Certification such as SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Network Forensic Analyst (GNFA),
• Data Center experience is strongly preferred, but not required
• Experience with one or more of the following:
• Building Management Systems (BMS)
• Mobile
• Architectures including Windows or Linux server software and technologies
• HA and redundancy configurations
• Cloud and virtualization software and services
• Hyper scaling
Vous ne remplissez pas toutes les exigences ? Veuillez tout de même poser votre candidature si vous pensez être la bonne personne pour le poste. Nous sommes toujours prêts à discuter avec des gens qui adhèrent à notre mission et à nos valeurs. Nous travaillons dans un environnement sans orgueil et sans arrogance. Nous mettons tout en œuvre pour nous construire et nous soutenir l'un l'autre, en appréciant les forces de chacun et en respectant les faiblesses d'autrui. Travailler ensemble est un plaisir, et nous cherchons toujours le moyen de rendre le travail encore plus agréable. Notre dur labeur et notre efficacité sont récompensés par une rémunération globale supérieure à ce qu'offre le marché. Nous proposons un régime de soins médicaux et d'assistance, un régime de retraite et des congés payés au-delà des attentes du marché. La sécurité est toujours une priorité. Pendant la COVID, tout le personnel qui le peut, travaille à distance et des mesures appropriées ont été prises pour assurer la sécurité des employés occupant un poste essentiel sur place. Peu importe votre lieu de travail, nous vous fournissons la technologie nécessaire avant ou le jour même de votre entrée en poste. Les avantages qu'il y a à faire partie de l'équipe de Vantage s'expriment clairement tout au long de l'année par l'entremise d'un éventail d'avantages sociaux, de marques de reconnaissance, de formations et de développement, sans oublier que vous saurez combien votre contribution rehausse la valeur de l'entreprise et de notre communauté. Vantage Data Centers does not accept unsolicited resumes from search firm agencies. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of Vantage Data Centers.