View all jobs

Sr. Associate IS Security Engineer (JP8001)

Tampa, Florida · Biotech/Pharmaceutical
Job Title: Sr. Associate IS Security Engineer (JP8001)
Location: Tampa Florida 33607
Employment Type: Contract
Duration: 12 months with likely extensions
Job posting date: 15 December 2020
Note: Remote until COVID-19 restrictions are lifted.
3 Key Consulting is hiring a Sr. Associate IS Security Engineer for a consulting engagement with our direct client, a leading global bio-pharmaceutical company.
Job Summary:
  • Candidate will be remote until the site re opens then required to be on site.
  • 2+ years’ experience with ICS systems - any industry will do, pharma/biotech ideal
  • Bachelor’s degree Minimum, any field
  • Qualys, Siem, Antivirus, Fire Wall, ideal not mandatory.
  • The Senior Associate IS Security Engineer plays an integral role in information security for the client.
  • The main responsibility is to support various capabilities within OT security like vulnerability management, cyber threat intelligence, and others.
  • The Sr. Associate IS Security Engineer will work with various partners at the client in a manner aligned to the client’s values to define and implement information security services strategies, standards, tools and processes covering the areas of Operational Technology (OT)
  • This Sr. Associate IS Security Engineer will work with other client n teams like Security Operations on architecting, designing, and implementing technologies, processes, and other improvements in OT security management. This will also include participation in on-call activities.
  • The Sr. Associate IS Security Engineer will be a part of the client’s Threat & Vulnerability Management team and will be expected to contribute to and help deliver services and projects in other areas of information security.
  • The role will be part of the Threat & Vulnerability Management team responsible for delivering security services across the client globally. This position will focus on OT security services and technologies but will support Threat & Vulnerability Management.
Areas of responsibility include:
  • Identify and evaluate gaps in ICS systems. Drive implementation to mitigate security exposure.
  • Integrate, configure and conduct vulnerability management technologies for OT networks.
  • Configure, conduct, understand, review vulnerability assessments and provide false positive validation focused on the OT/ICS/Manufacturing space.
  • Coordinate with internal and external partners to remediate or mitigate security vulnerabilities.
  • Use strong social skills to articulate vulnerabilities to technical and non-technical audiences.
  • Assist in recommending and prioritizing remediation efforts within infrastructure and application teams.
  • Handle tracking and remediation of vulnerabilities by using agreed-upon action plans and timelines with support teams.
  • Developing automated and ad hoc reports of security metrics.
  • Serve as an escalation point for all technical issues regarding vulnerabilities.
  • Provide support and for the organization’s day-to-day counterintelligence program.
  • Support Cyber Security Operations Center on security incidents including contributing to mock security incident exercises.
  • Build upon existing capability, recommending cutting-edge tools and procedures to detect threats and protect the firm’s intellectual property and assets.
  • Maintain current workflows and develop new ones as needed.
  • Implement and maintain API integrations between internal systems to provide enrichment and support workflows.
  • Advise incident responders as they develop and coordinate response, containment and remediation capabilities as appropriate.
  • Management of technologies and processes relating to assigned OT Security capabilities including issue identification and resolution, integration with other tools, documentation, gap assessment, gap resolution and continuous improvement of the service.
  • Define, provide, and improve metrics on the assigned services including the use of appropriate applications and tools for reporting.
  • Develop or participate in the development of business cases and presentations on information security technologies of interest to the client.
  • Participate in proactive research and provide recommendations for continuous improvement on information security technologies, processes and services.
  • Develops, implements, and sustains operational scripts, data structures, libraries and programming code that optimize security in emergent compute patterns with diverse applications throughout the global environment.
  • Analyzes, designs, develops and operates programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security context.
  • Collaborates multi-functionally with analysts, engineers, data scientists to deliver continuous improvement in cyber defense/resilience.
  • The Sr. Associate IS Security Engineer will also present project status reports to senior management, adhere to policies and practices relative to technical guidelines and change management processes, and may contribute to the development of new policies and practices by suggesting innovative ideas.

Minimum Qualifications:
  • Bachelor’s degree or higher-level education or work experience equivalent.
  • 1 year experience in Information Security and over 4 years of experience in Information Systems.
  • 2 years exp with ICS systems and ICS security industry practices along with exposure to OT.
  • 2 years exp supporting PLC, DCS, HMI, or SCADA systems.
  • Excellent written and verbal communication skills.
  • Passionate, collaborative and results oriented.
  • Clear understanding of and ability to manage cognitive biases.
  • Ability to relate same to development of information and intelligence reports.
  • Detailed knowledge of Windows and/or Linux systems and associated scripting languages.
  • Entry level security certification (CompTIA Security+, Microsoft MTA Security, ISACA CSX, GISF, SSCP).
Demonstrated experience working with any of the following:
  • Security Information and Event Management
  • Vulnerability Management
  • Endpoint Security
  • Web Security
  • Incident Response
  • Detailed knowledge of Firewalls, Enterprise E-mail Systems and / or Incident Management.
  • Log analysis capabilities for various security systems or infrastructure devices.
  • Attention to detail and focus on providing vetted information.
Desired Qualifications:
  • Experience with industrial protocols such as OPC, Modbus, and BACNET, EthernetIP, Profinet, S7, Factorytalk, etc.
  • Experience with OT Security management solutions.
  • Understanding of IEC 62443/ISA 99, GMP, Purdue Model.
  • Experience in supporting solutions, a/v, firewall, iDS, alerting and monitoring in ICS environments.
  • Experience with systems security engineering for SCADA, ICS, and IT-level systems.
  • Experience with embedded systems.
  • Working knowledge of global threats to international cyber security, and conversant in the tactics, techniques and procedures used by cyber adversaries.
  • Experience with analytical problem solving and familiar with conducting operations relating to insider threat, counterintelligence investigations, and counterespionage.
  • Microsoft`s MCSA / MCSE certifications
Preferred Certifications (Any):
  • GICSP, CCSA (SCADA certified)

Top Must have Skill Sets:
  • Experience in OT security
  • Vulnerability management
  • General IS skills
  • IT system admin skills
Employee Value Proposition:
Opportunity to be apart of a new initiative, new division.
Red Flags:
Jumpy job history, unexplained gaps of employment.
Interview Process: Phone & Video.
We invite qualified candidates to send your resume to resumes@3keyconsulting.com. If you decide that you’re not interested in pursuing this position, please feel free to look at other positions on our website www.3keyconsulting.com. You are welcome to also share this posting with anyone you think might be interested in applying for this role.
3KC Talent Acquisition Team

Share This Job

Powered by