
Cybersecurity OT Engineer
3B Staffing LLC, Arlington, VA, United States
Experience:
8+ years securing industrial control systems in the energy sector.
In-depth hands-on experience with:
SCADA/DCS systems (GE, ABB, Siemens, Schneider, Emerson)
Field devices (IEDs, RTUs, protective relays, telemetry units)
Secure remote access solutions (e.g., jump hosts, unidirectional gateways)
Preferred Certifications: GICSP, GRID, ISA/IEC 62443, NERC CIP Certification, CISSP, or SANS ICS410/515
Responsibilities:
Design and implement layered security controls for OT environments such as Power Generation, Substation Automation, Transmission & Distribution Networks
Harden field-deployed OT assets (PLCs, RTUs, IEDs, HMIs) per NERC CIP, ISA/IEC 62443, and NIST 800-82
Deploy & manage industrial firewalls, network access control (NAC), and micro-segmentation using L2/L3/VLAN zoning and DMZ architectures.
Implement & tune OT-specific IDS/IPS solutions (e.g., Dragos, Nozomi Networks, Claroty, Tenable.ot).
Integrate OT telemetry into centralized SIEM (Splunk, Sentinel, etc.) with asset tagging and alert enrichment.
Perform protocol-aware traffic analysis (Modbus, DNP3, IEC 61850, OPC UA, GOOSE) to detect anomalies and APT activities.
Maintain a security-focused patch management lifecycle for ICS firmware, SCADA software, and Windows/Linux operator consoles.
Implement whitelisting & application control for locked-down HMI/engineering workstations.
Ensure alignment with NERC CIP, NIST CSF, ISO 27001, and local regulatory frameworks for critical infrastructure protection.