TPC Group
Engineer - OT Cybersecurity Network
TPC Group, Houston, Texas, United States, 77246
The Operational Technology (OT) Cybersecurity/Network Engineer is an integral member of the Process Automation Department in the Corporate Technology and Engineering Group who designs cybersecurity roadmap and implements policy in a highly complex industrial control system (ICS) that will drive the successful execution of TPC Group’s strategic process control projects. This role drives cybersecurity engineering solutions, framework, roadmap, risk remediation, and mitigation of operational risk in OT environment. The role includes reviewing all major technology projects to ensure compliance with OT cybersecurity policies, guidelines, and standards. This position requires the need to understand how to apply industry standard assessment methodologies, establish governance policies, determine and establish OT cybersecurity design requirements, and develop OT cybersecurity design documentation. This position supports several OT areas such as DCS system and network security, administration and network troubleshooting, system performance and evaluation, performance analysis, and capacity planning. Additional responsibilities include implementing, managing, and troubleshooting the existing network, security, and system while providing support for a variety of hardware.Job Duties and Responsibilities:Responsible for the development of TPC OT cybersecurity policies, standards, and procedures. Work with corporate IT security team, data custodians, and governance groups in the development of such policies. Ensure that TPC policies support compliance with DCS OEM and other control systems such as Emerson DeltaV, Bently Nevada, Triconex, etc.Develop system design and specification documentation deliverables that address OT cybersecurity vulnerabilities, including identifying physical controls to mitigate vulnerabilities and attack vectorsParticipate in project meetings and coordinate deliverables with multi-discipline engineering teams and system integratorsMaintain a working knowledge of cybersecurity standards and frameworks to include specifically ISA-62443, NIST CSF, and others as requiredDevelop and provide internal training/mentorship on cybersecurity topics for OT personnelProvide post project design validation reviews to confirm conformance with the established OT cybersecurity needsLead, manage, and review TPC OT cybersecurity/engineering deliverables in all TPC projects in OT environmentWork with OEM and 3 rd
party vendors to develop and implement an Incident Reporting and Response System to address TPC OT cybersecurity incidents (breaches), investigate and respond to alleged policy violations or complaints from TPC management and external parties, and develop improvement plansDevelop and implement an ongoing risk and threat assessment program targeting information security; recommend methods for vulnerability detection and remediation and oversee vulnerability testingEvaluate annually the level of access granted users within TPC PCN systems to ensure that access is limited to level required for job dutiesResponsible for configuring and maintaining PCN and DMZ systems, network switches, and firewallsRequired QualificationsBachelor’s degree in Information Technology or Computer Science3+ years of relevant work experienceExperience with COTS technologies used in a Cybersecurity Engineering environmentFamiliarity with the implementation of OT cybersecurity and the needs of enterprise business management, as it pertains to OT data accessIndustrial Control System (ICS) network segmentation design experience and familiarity with the Purdue ModelFamiliarity with multiple SCADA equipment manufacturers and OT network communications protocolsPreferred QualificationsCISSP or GICSP certification or willingness to obtain certificationExperience and ability to correctly apply common OT systems including DeltaV DCS, wireless network systems, fiber optic networks, Layer 2 and Layer 3 switches/methodologies, firewalls, and related systemsKnowledge of common cybersecurity threats such as a Denial of Service, Ransomware, etc. and knowledge of approaches to mitigate threatsCapability of applying cybersecurity standards and framework (ISA 62443, NIST CSF, etc.)Experience in ICS design, development, deployment, and evaluation of virtual hosting in both Hyper-V and VMware vSphere environmentsFamiliarity with various SCADA system platform architectures, PLC programming and architectures, and HMI programming and architecturesExperience working within a Cybersecurity Operations Center environment desiredEqual Opportunity Employer/Protected Veterans/Individuals with DisabilitiesThe contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
#J-18808-Ljbffr
party vendors to develop and implement an Incident Reporting and Response System to address TPC OT cybersecurity incidents (breaches), investigate and respond to alleged policy violations or complaints from TPC management and external parties, and develop improvement plansDevelop and implement an ongoing risk and threat assessment program targeting information security; recommend methods for vulnerability detection and remediation and oversee vulnerability testingEvaluate annually the level of access granted users within TPC PCN systems to ensure that access is limited to level required for job dutiesResponsible for configuring and maintaining PCN and DMZ systems, network switches, and firewallsRequired QualificationsBachelor’s degree in Information Technology or Computer Science3+ years of relevant work experienceExperience with COTS technologies used in a Cybersecurity Engineering environmentFamiliarity with the implementation of OT cybersecurity and the needs of enterprise business management, as it pertains to OT data accessIndustrial Control System (ICS) network segmentation design experience and familiarity with the Purdue ModelFamiliarity with multiple SCADA equipment manufacturers and OT network communications protocolsPreferred QualificationsCISSP or GICSP certification or willingness to obtain certificationExperience and ability to correctly apply common OT systems including DeltaV DCS, wireless network systems, fiber optic networks, Layer 2 and Layer 3 switches/methodologies, firewalls, and related systemsKnowledge of common cybersecurity threats such as a Denial of Service, Ransomware, etc. and knowledge of approaches to mitigate threatsCapability of applying cybersecurity standards and framework (ISA 62443, NIST CSF, etc.)Experience in ICS design, development, deployment, and evaluation of virtual hosting in both Hyper-V and VMware vSphere environmentsFamiliarity with various SCADA system platform architectures, PLC programming and architectures, and HMI programming and architecturesExperience working within a Cybersecurity Operations Center environment desiredEqual Opportunity Employer/Protected Veterans/Individuals with DisabilitiesThe contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
#J-18808-Ljbffr