MAR Division of Oasis Systems has an exciting opportunity for a Senior Cyber Security Engineer with 20+ years’ experience. The Cyber Security Engineer acts as a subject matter expert for our federal customer within the energy sector as they implement and mature regulatory cyber security programs. The Cyber Security Engineer will actively support the agency as it establishes cyber security policy and assesses the extent to which these policies are implemented to promote safety and security at regulated commercial power plants, nuclear fuel facilities, and research and test reactors.
LOCATION: Rockville, MD
EXPERIENCE LEVEL: Minimum of 10 years combined cyber security and Industrial Control Systems experience. Within each area the candidate must have a minimum of 2 years working with Industrial Control Systems, and at least 8 years working in cyber security.
EDUCATION: BA/BS degree in engineering, computer science, cyber security, or related fields.
SECURITY CLEARANCE: Ability to obtain a Security Clearance
JOB STATUS: Full-Time
RESPONSIBILITIES: Functionally, the candidate should have experience with:
- Communication Skills:
- Ability to facilitate/participate in public meetings with the Nuclear industry where the press and other high visibility entities may be present
- Ability to appropriately communicate both in writing and orally based on audience and political tone of a given situation
- Strong writing skills and the ability to author highly visible original documents that are relied upon by the Nuclear Industry
- Penetration testing to include foot printing, creating attack trees and identifying attack vectors
- Various standard and non-standard (hacker community) security tools including strengths, weaknesses, and identifying marks/signatures.
- Types of firewalls, rules, complexity and risks associated with different vendors (i.e. Cisco vs McAfee Sidewinder)
- Defense in Depth and how it is applied to both IT and ICS environments
- Must have experience with treats tied to APT and the risk and challenges associated with both infiltration and exfiltration and how they differ in methodology and intent
- Experience with IT Security Audits
- Multi-level networks and classifications and how data leakage can be prevented and/or accomplished as an attacked
- Knowledge of digital components comprising Industrial Control Systems (ICS)
- Cyber Security Engineer principles as they apply to the protection of components within:
- Supervisory Control and Data Acquisition (SCADA) Systems,
- Distributed Control Systems (DCS), and
- Safety Instrumented Systems (SIS)
- Will be working with ICS standards and certifications, such as: o ISA/IEC-62443 (Formerly ISA-99)
- IEEE 802.3
- NERC Critical Infrastructure Protection (CIP) Standards
- NRC Regulatory Guide 5.71
- NEI 08-09, Revision 6
- NIST Special Publications
- ISASecure Certifications
MAR Division of Oasis Systems is an equal opportunity employer and does not discriminate in hiring or employment on the basis of any legally protected characteristic including, but not limited to, race, color, religion, national origin, marital status, gender, sexual orientation, ancestry, age, medical condition, military veteran status or on the basis of physical handicap which, with reasonable accommodation, render the application to satisfactorily perform the job available.