Parsons Corporation Cyber Engineer (Risk & Compliance)Energy and Utilities Specialist in Centreville, Virginia
Cyber Engineer (Risk & Compliance)
Energy and Utilities Specialist
Parsons is seeking a Cyber Engineer (Risk & Compliance) with specific expertise in the energy sector and NERC-CIP regulations to support the Vice President, Cyber Infrastructure Sector in developing and completing processes and procedures for risk and vulnerability assessments for internal and external customers, testing new cybersecurity products (hardware and software), and designing and implementing mitigations for vulnerabilities discovered during assessments. The primary focus will be assessing, planning, design, development and implementation of technical controls, procedures and policy associated with compliance to the NERC-CIP and NIST cyber security regulatory standards. The security assessments undertaken by the Cyber Risk and Compliance and Security Assessment Team (SAT) range in complexity and duration
SPECIFIC RESPONSIBILITIES :
Applies related technical experience and knowledge as well as business experience in analyzing and proposing Information Technology (IT) and Industrial Control System (ICS) Security solutions for assigned initiatives that serve Parsons’ clients with specific focus on the energy production, transmission, and distribution sectors.
Works with Management and end users to gather information and requirements needed to assess potential IT and ICS Security solutions that meet current and projected business needs.
Performs Vulnerability Assessments and Penetration Tests on IT or ICS networks using a combination of automated tools and manual inspection; performs gap analysis between current and recommended cybersecurity posture; combines information with industry research and cost-benefit-analysis to develop a recommendation for an IT or ICS security solution. Must be able to design appropriate security architectures and solutions to protect critical assets and mitigate vulnerabilities.
Team member that researches, analyzes and provides cybersecurity solutions, which may include key hardware and/or software.
4-year degree in Computer Science or Engineering degree (or related curriculum) and at least 5 to 8 years of progressive technical experience analyzing system cybersecurity posture and analyzing, developing and implementing mitigation plans. Has knowledge of NIST, ISO/IEC, or DoD security directives with detailed knowledge in NERC-CIP, smart grid, energy productions, and utilities regulatory policies and procedures.
Power utilities knowledge and experience is desired.
Certifications desired : Certified Information Security Professionals (CISSP), Certified Ethical Hacker (CEH), SANS GIAC Certified Industrial Cyber Security Professional (GICSP), or SANS GIAC Certified Penetration Tester (GPEN).
Ability to perform Vulnerability Assessments on Information Technology (IT) and Industrial Control System (ICS) systems and research, design and implement appropriate mitigations to protect customers' critical assets. Familiarity with Certification and Accreditation (C&A) processes such as NERC-CIP, NIST RMF, DIACAP or similar and be able to complete processes and procedures for security assessments is highly desired. Possess a thorough working knowledge of common commercial and/or open source vulnerability assessment tools and techniques used for evaluating operating systems, networking devices, databases and web applications. Solid understanding of NIST - especially 800-53 Rev4 and ISA 62443 is a requirement. Working knowledge in configuring and securing Microsoft and UNIX operating systems is a requirement.
Broad knowledge of cyber security threats and techniques used by adversaries to compromise systems – both technical and non-technical techniques. Familiarity with security risk and vulnerability assessment methodologies, latest technology trends and vulnerabilities including social engineering and other common techniques utilized by adversaries. Broad knowledge of security best practices, security solutions, and methodologies for conducting advanced security assessments, to include manual assessments and malicious user testing. Advanced understanding of security tool strengths and weaknesses and ability to select, configure, troubleshoot and use the best “tool for the job”.
Knowledge of ICS/ SCADA hardware, operating systems, networking, and security best practices is highly desirable.
Written and oral communication skills appropriate for the position, including the ability to present technical data in a logical manner that is easy to understand (may include communication via telephone, in person, or presenting to small groups). Ability to write moderately complex documents (may include emails, memos, procedures, presentations, and reports). Communicates with a wide variety of individuals (employees and managers) throughout the organization and outside of the organization (i.e. clients, vendors).
Ready for action? We’re looking for the kind of people who see this opportunity and don’t hesitate to act. Parsons is a leader in the world of technical services. We hire people with a broad set of technical skills who have proven experience tackling some of the greatest challenges. Take your next step and apply today.
Parsons Referral Plan
Maybe this opportunity isn’t the right fit for you, but you know someone who is? Why not join our Parsons external referral program? When you refer other top professionals and they are hired, you are rewarded with an incredible financial incentive. Help us find top talent!
Parsons is an equal-opportunity, drug-free employer committed to diversity in the workplace. Minority/Female/Disabled/Protected Veteran/LGBT.
Parsons is proud of our 70 years in delivering engineering, technical, and construction services to our legacy markets: -infrastructure, industrial, federal, and construction. As markets have evolved, so have we. Parsons is a provider of choice for cybersecurity and alternative project delivery services. We believe talent, passion, and commitment generate success. Parsons employees go the distance for our customers and give back to the communities in which we live and work. We welcome self-starters who have the ability to solve problems elegantly-and who believe in our core values of integrity, safety, quality, innovation, sustainability, and diversity. If this describes you, join us! Parsons delivers a better world.-
Job Cyber Technology
Title Cyber Engineer (Risk & Compliance)Energy and Utilities Specialist
Primary Location US-VA-Centreville
Requisition ID 39648