1. OBJECTIVE
Our client is looking to hire two on-contract Industrial Control System Consultants - Specialist II working with the Cyber Security Unit.
2. DESCRIPTION OF WORK (SCOPE OF WORK)
The ICS Consultant - Specialist II shall work with the Cyber Security group of the Port Authority's Technology Department (TEC), which is responsible for managing the Cyber Security for the agency. These individuals will provide program leadership and work closely with a variety of stakeholders throughout the Port Authority of NY and NJ to reduce the risk profile of the vast Operational Technology, Industrial Control System (ICS), and SCADA resources found throughout the Authority's operating and information environments.
A. JOB RESPONSIBILITIES:
The successful candidates may work independently as well as with both consultants and Agency staff resources of different Units and Departments throughout the Agency to deliver work products including but not limited to:
• Evaluate Port Authority OT/ICS/SCADA cyber security policies, processes, and technical controls. Apply leading cyber security frameworks in an asset management system program.
• Ensure that business line departments can maximize the functionality of OT/ICS/SCADA systems and devices in a wide variety of operating technology environments that include operations, health, safety, and resiliency.
• Discover, manage, monitor, and remediate the asset inventory of Port Authority (PA) OT/ICS/SCADA systems and devices, categories of criticality, system attributes and crucial information for the purpose of applying risk management controls.
• Work with business line units, support vendors, Security Operations Center and PANYNJ IT network staff to conduct thorough and effective assessments and remediation strategies.
• Assess the robustness of cybersecurity architectures, technologies, and procedures being implemented within organizational facilities, especially oriented toward host-based and network-based environments.
• Plan and execute security assessments, utilizing network monitoring systems to collect network traffic log data and security analytics methodologies to identify potential cyber threats and system gaps.
• Develop detailed risk assessment reports, which explain identified gaps in policies, describe potential business risks, and create prioritized recommendations with estimated costs and effort levels for remediation.
• Develop strategic and tactical objectives to include new ICS product and service offerings, identify additional business line unit needs, and generate program and project management plans.
• Assist with converting standalone ICS systems to interconnected devices where assessments have determined that functionality and security dictate regular and/or remote access.
• Assist with disconnecting ICS systems or devices where assessments have determined that functionality and security dictate isolation from external connections.
• Maintain knowledge of current security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Threat Assessments, Risk Analysis, Identity Management, Access Management, and data storage Services.
• Solve complex digital and operational security problems facing Industrial Control Systems (ICS) used throughout the PA business line unit technology environment(s).
• Design comprehensive technical solutions that meet client requirements and implement the appropriate software to mitigate critical security risks (e.g., system and mobile antivirus software, encryption modules, patch management programs, insider threat protection, incident response plans, forensic capabilities, and regulation compliance).
• Secure cross-domain IT/OT communications and pathways by injecting the ICS team into ICS project development processes from planning through engineering, procurement, implementation, operations, and maintenance.
B. MINIMAL EXPERIENCE AND QUALIFICATIONS
Experience
• Minimum of 5 years of hands-on experience as an ICS and SCADA security leader and/or manager across multiple industrial critical infrastructure sectors.
• Minimum of 4 years' experience providing same or similar services to the Port Authority of New York and New Jersey.
• Minimum of 5+ years' experience with security frameworks such as: IEC 62443, NIST SP 800-82, NIST-CSF, NERC-CIP, NEI 08-09, or other industrial control framework(s).
• Solid understanding of OT/ICS/SCADA infrastructure and industrial network monitoring solutions.
• Experience creating ICS Functional Design Specifications and Detailed Design Specifications.
• Demonstrated Claroty expertise with specific focus on advanced tuning techniques, dashboards, and reporting metrics.
• Technical writing ability to draft security assessment reports, concepts of operation, standard operating procedures, standards & guidelines.
HIGHLY DESIRABLE: PORT AUTHORITY OF NY & NJ EXPERIENCE
Qualifications
• Verifiable proof of two or more of the following certifications:
o Certified SCADA Security Architect (CSSA)*
o Certified Information Systems Security Professional (CISSP)*
o SCADAHacker™- Critical Infrastructure Security*
o Certified Information Systems Auditor (CISA)*
o CompTIA Security+ CE Certification (Sec+ CE)
o Certified Information Law Specialist (GLEG)
* Designates preferred certification
JOB REQUIREMENTS:
• Must currently possess The Secure Worker Access Consortium (SWAC) credential.
• Must sign PA Non-Disclosure Agreement.
3. WORK HOURS
The normal workday for the ICS Consultant-Specialist II will be 9 AM to 6:00 PM, Monday through Friday, except for observed holidays. The Consultant shall work an 8-hour workday, with a mandatory 1-hour Lunch Break. Total billable hours per week shall not exceed 40 hours. All overtime must be pre-approved by the designated Program Manager before performing any work.
4. TIME FRAME
The project is anticipated to start on or about 12/18/2023 and expire on or about 12/18/2024.
We are a Minority and Women Owned Certified Agency; Pacetas Agency is an integrated management consulting firm providing professional services to Prime Vendors and other companies in staffing, recruitment, project management, and Event and Marketing Communications.