Job Details

Senior Cybersecurity Specialist (CORPORATION)

Washington, DC, United States
  • Employment Type: Direct Hire

Our client, a leading provider of energy efficiency and renewable energy solutions, is seeking a Senior Cybersecurity Specialist to join their team. This individual will be responsible for developing, designing, and rolling out an internal cybersecurity risk program. The ideal candidate must have extensive experience with and knowledge of security posture and risk advisory. The Cybersecurity Specialist will be responsible for determining cybersecurity standards and procedures that apply to various client projects, specifically in the area of Risk Management Frameworks. This individual should have extensive experience assessing levels of cybersecurity risk; identifying, qualifying, and maintaining relationships with third-party consultants and vendors; and performing risk assessments in-house. The Senior Cybersecurity Specialist will be responsible for providing reports and reviews, training internal operations teams on identifying weaknesses, and ensuring the organization is meeting necessary requirements as they relate to risk. Strong written and verbal skills are required. Interest in and experience working within the energy and federal verticals are preferred! Send resumes to [email protected].

RESPONSIBILITIES:

  • Determines the cyber security standards and procedures that apply to each client and project (e.g., Risk Management Framework (RMF))
  • Defines the applicable standards and procedures, which requires reviewing project contractual requirements, reviewing and negotiating with host site personnel regarding site-specific standards, procedures and practices, and understanding guidelines from NIST, DHS, and other industry sources as they apply to the project proposed for each site
  • Assesses the level of cyber security risk posed to the site by the proposed project 
  • Develops a written cyber security plan that meets the contract requirements for mitigating such risk 
  • Identifies, qualifies, and maintains relationships with outside cyber security consultants 
  • Develops site- and contract-specific external scopes of work and administers value-based solicitations, ultimately resulting in procurement of such consultant services through Professional Service Agreements (PSAs)
  • Administers and provides quality control of consultant deliverables and services
  • Manages periodic risk assessments of cyber security plans using third-party reviewers and self-performs risk assessments in-house
  • Monitors and periodically inventories system configuration integrity, software and firmware updates and patches, and access credentials and use; predicts and plans mitigation of end-of-life software and hardware platforms; and performs similar tasks to sustain or improve the security of installed systems
  • Prepares written annual reports and reviews (or writes) risk assessments for each project
  • Provides training to company management and operations staff as necessary to educate staff in the procedures that must be followed to meet and sustain cyber security requirements 
  • Develops and maintains company standard procedures to support cyber security requirements at all project-sites; updates and revises such procedures on an ongoing basis as needed
  • Develops and maintains cyber security sustainment plans that provide a sequence of notifications, procedures, and definitive actions for breaches and identified weaknesses, as well as periodic maintenance, and system integrity and vulnerability evaluations 
  • Assures that systems receive software, firmware, and operating system updates and patches as appropriate, and maintains proper documentation of same
  • Provides commissioning support of new plant systems, including participation in the development of commissioning documents, witness and participation in commissioning activities, and appropriate contribution to documented commissioning results to assure compliance with cyber security requirements
  • Monitors and preserves contractual performance requirements to client in all actions
  • Cultivates and maintains effective business relationships with existing vendors and service providers, and with on-site customer and corporate staff
  • Maintains compliance with company, industry, trade, and jurisdictional safety standards, practices, and codes
  • Performs other duties as required

MINIMUM QUALIFICATIONS:

  • Bachelor’s Degree in Computer Engineering, Engineering or Computer Science from a four-year technical engineering ABET accredited institution
  • Substantial experience with HVAC and industrial control systems, common control system software, hardware platforms and communications protocols, serial and packet networks

PREFERRED QUALIFICATIONS:

  • Current Certified Information Systems Security Professional (CISSP) and/or Global Industrial Cyber Security Professional (GICSP) certification strongly preferred
  • Solid understanding of network concepts surrounding VLANs, various access control methods, local and centralized authentication, VPNs, and encryption
  • Coursework and/or experience related to electrical power systems, engineering design, with exposure to facility operations and projects involving co-generation, engine-generators, heating & cooling plants & systems, building and industrial controls and instrumentation, and automation technologies
  • Excellent verbal, written, computer, technical data, spreadsheet, and communication and organizational skills
  • MS Office proficiency required with advanced Excel and Word experience preferred
  • Proven ability to manage and complete multiple tasks in a timely, cost-effective manner
  • Valid Driver’s License issued by state of residence and in good standing
  • Will be required to pass security clearance investigation
  • Occasional regional travel may be required
  • Day shift hours, with occasional after-hours / on-call duties required
