Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Jobs InfoSec Jobs

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ICS Penetration Tester
Company Dominion Energy
Location Richmond, VA
Preferred GIAC Certifications GICSP, GRID, GCIP
Travel 10%
Salary Not provided
URL https://careers.dominionenergy.com/job/RICHMOND-ICS-Penetration-Tester-VA-23219/606175100/
Contact Name Mark Shalowitz
Contact Email mark.c.shalowitz/at/dominionenergy.com
Expires 2020-06-04

Job Description

ob Summary
This role performs more complex cyber security activities, working closely with critical infrastructure business area partners to enhance and validate the cyber security posture of Industrial Control System (ICS) environments through the assessment of vulnerabilities, validation of monitoring and detection capabilities, and the development of recommendations.


Performs reconnaissance and research activities to determine internally and externally available information that can be used to facilitate unauthorized access to ICS environments. Performs product and technology research to understand application and network topologies, communication requirements, documented and undisclosed susceptibilities, and potential exploit mechanisms.


Utilizes a variety of software and hardware tools and techniques to discover available information, access paths into environments, evaluate the effectiveness of security controls and defenses, and determine optimum defenses against such activities.


Works closely with the Cyber Security Operations Center (CSOC) to facilitate the creation of use cases to detect adversarial and reconnaissance activities and enhance monitoring capabilities.


Provides written summaries of findings and documents recommended actions in both executive summaries as well as detailed technical reports for system owners and operators.


Applies considerable understanding of IT technologies, evaluation of cyber security risks and attack vectors, and develops an evolving knowledge of mitigation options to assess the current threat landscape and improve ICS environment security. Consults with ICS subject matter experts and business representatives to provide input on cyber security decisions, the establishment of cyber security policies, and to foster security awareness.


Perform other duties as requested or assigned.

23261

Required Knowledge, Skills, Abilities & Experience
Must possess at minimum of 5-7 years of work experience in cyber security, and/or extensive operational experience deploying and managing technologies and performing system hardening to protect environments from cyber threats. (Note: A Master's degree will count towards one year of experience; A partial year of experience of six months or more will count as one year of experience). Candidate with GICSP, GRID, or GCIP strongly encouraged to apply.


Demonstrated working knowledge in the identification, gathering and analysis of information, threats, etc. to investigate and mitigate security risks desirable but not required. Considerable knowledge of cyber security best practices and frameworks (ex. NIST 800-82, ANSI/ISA-62443-1-1, CIS 20, NIST Cyber Security Framework, NIST 800-53, etc.) and security controls.


Previous experience performing red team or other vulnerability assessment activities highly desirable.


Working knowledge of ICS cyber security standards or general ICS knowledge desirable. Demonstrated organization and planning skills, including time management, project coordination, and project management. Demonstrates excellent analytical, troubleshooting, and problem solving skills, with a questioning attitude.


Demonstrated competency in verbal and written communication, with good presentation skills. An in-depth experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols is strongly desired.


Highly motivated, with the ability to work effectively under minimal supervision in a fast paced environment. Excellent analytical, troubleshooting, organizational, and problem solving skills, to include time management, project coordination, and project management. Must be team-oriented, placing priority on quality and the successful completion of team goals.


Demonstrated competency in developing effective solutions to business problems, with the ability to understand customer’s business needs, analyze problems and make decisions. Demonstrated leadership of work teams or groups, with the ability to work with all levels of employees. Ability to handle multiple deadlines and associated pressures, is a self-starter, and to work independently.


Travel: 15-25%, including some overnight travel.

Education Requirements
Education Level: Degree or an equivalent combination of education and demonstrated related experience may be accepted in lieu of preferred level of education: Bachelor


Preferred Disciplines: Computer Science; Engineering; Information Systems; Information Systems Security


Other disciplines may be substituted for the preferred discipline(s) listed above.

Working Conditions
Office Work Environment 76 -100%
Test Description
No Testing Required



Export Control


Certain positions at Dominion Energy may involve access to information and technology subject to export controls under U.S. law. Compliance with these export controls may result in Dominion Energy limiting its consideration of certain applicants.



Other Information


We offer excellent plans and programs for employees. Employees are rewarded with a competitive salary and comprehensive benefits package which may include: health benefits with coverage for families and domestic partners, vacation, retirement plans, paid holidays, tuition reimbursement, and much more. To learn more about our benefits, click here dombenefits.com.



Dominion Energy is an equal opportunity employer and is committed to a diverse workforce. Qualified applicants will receive consideration for employment without regard to their protected veteran or disabled status.



You can experience the excitement of our company – it's the difference between taking a job and starting a career.