CONSULTANT
HCLTech
- Bangalore, Karnataka
- Permanent
- Full-time
Reviewing ICS network architectures and determining if good practices are being followed (e.g., the zones & conduits concept, proper network segmentation, use of Industrial DMZ, etc.); and providing recommendations to comply with cybersecurity framework like NIST/ IEC etc
Reviewing security products utilized (e.g., firewalls, IDS, IPS) and determining if they are configured properly as per the architecture data flow.
Reviewing and suggesting configuration changes for the network infrastructure devices (e.g., switches, routers, etc.), security appliances (e.g., firewalls, IDS, etc.), and virtualization solutions
Reviewing & configuring security policies, security events, assessing network monitoring capabilities and packet captures to identify security threats for the Cyber-X tool
Reviewing security policies, plans, and procedures and providing recommendations to comply with applicable cybersecurity framework.
Reviewing technical, administrative, and physical security controls and providing recommendations to mitigate the identified security risks.
Performing vulnerability and risk assessments using the Cyber-X & Sentinel tool for manufacturing and critical infrastructure environments to identify security risks and threats (e.g., unsecure remote access points, suspicious remote connections, unauthorized devices on the network, etc.) and providing recommendation to remediate the identified issues.
Creating detailed diagrams (e.g., network, cabling, server, rack, logical architecture, etc.), procedures, and plans (e.g., implementation, SAT, mitigation, etc.) as needed to support projects
Required Experience
A minimum of five (5) years hands on experience in designing and implementing ICS/OT network architectures and ICS process controls.
Degree in Engineering (Electrical, Mechanical, Chemical, Computer Science, or similar scientific / technical field.
Strong understanding of cybersecurity frameworks for ICS/OT environments (ISA-99/IEC 62443, NIST SP 800-82, CIS, etc.)
Understanding of the ICS/OT network communication protocols (e.g., Ethernet/IP, CIP, Modbus, OPC, etc.) and industrial networking topologies (e.g., ring, star, etc.)
Demonstrated technical skills to analyze, design, and deploy complex Ethernet/IP architectures and communication technologies.
Ability to perform vulnerability / penetration testing in ICS/OT environment, and/or threat hunting.
Prior experience Control System Engineer or SCADA Engineer working in manufacturing environments or power generation facilities.
Industry experience in Food and Beverage, Chemical, Pharma, Semiconductor, Water & Wastewater, Refining, Pulp and Paper, Oil/Gas Pipeline, Power Generation, Electrical Transmission & Distribution, Material Handling, and/or Packaging
Strong understanding of the ICS Network architecture and data flows in the OT environment.
Understanding of MITRE ATT&CKS for ICS or NERC CIP frameworks
Understanding of general cybersecurity frameworks (ISO IEC 27001/27002, ISO 15408, NIST Cybersecurity Framework (CSF), NIST SP800-53)
Networking certifications (e.g., CCNA, CCNP, JNCIP-ENT, etc.) , Cybersecurity certification (e.g., CEH, CISA, CISM, CCSP, etc.) or OT/ ICS security certification (e.g. GICSP, IEC-62443 etc.) will give an edge to the candidate.
(1.) Depending on the work environment, the subject matter expert may lead or be an active participant of a work-group with the need for specialized knowledge. (2.) Meet all agreed-upon turnaround times for deliverables, deliverable reviews, or deliverable sign-off (3.) Understands, articulates and implements best practices related