Location: Remote Canada, Canada
Dans des marchés en rapide évolution, les clients à travers le monde font confiance à Thales. Thales est une entreprise où les personnes les plus brillantes du monde entier se regroupent pour mettre en commun leurs idées et ainsi s'inspirer mutuellement. Dans tous les secteurs où œuvre Thales, notamment l'aérospatiale, le transport, la défense, la sécurité et l'espace, nos équipes d'architectes conçoivent des solutions innovantes qui rendent demain possible dès aujourd'hui.
In fast changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrow's possible.Position Summary
The Cybersecurity Consultant must have a proven experience working with Enterprise, Industrial, Critical Infrastructure, and Operational Technology (OT) environment. Possess a good understanding of industrial control systems (ICS) fundamentals. Equip with hands-on experience in assessing, troubleshooting and securing control systems, working with various vendors, knowledgeable with communication protocols such as TCP/IP, MODBUS, ICCP, DNP3, RTU, OPC, HMI, PLC, distributed control system (DCS) and supervisory control & data acquisition (SCADA). Must be able to evaluate the network architecture, distinguish the Enterprise (IT) and Operational Technology environment (OT) and identify cyber risks each Purdue level.
In addition, the Cybersecurity Operations Centre (CSOC) team will rely on your contribution to perform an in-depth analysis of digital artifacts, identify the malicious operations and evaluate the real impact in order to solve in a quick and efficient manner. This is a key role when it comes to responding to customer's security incidents. In-depth knowledge and technical skills in Security Operation Centre (SOC), SIEM and SOAR, Incident Response, log and network analysis, Network security (Firewall, WAF, IDS/IPS), Enterprise and OT infrastructure. This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events. Previous work experience in ICS/OT and Cybersecurity consulting is vital for this role.Key Areas of Responsibility
The Cybersecurity Consultant is responsible to provide business-driven, cost-effective advice on the management of risk and security vulnerabilities for Enterprise (IT) and Operational Technology (OT) customers. You will support the development of Cybersecurity practices including but not limited to:
- Deliver IT and OT assets discovery including logical and physical site assessments
- Recommends implementation of new OT controls across provide more cost effective risk mitigation.
- Deliver Cyber Risk assessment for IT or OT environment including Security Architecture review
- Deliver reports with pragmatic solutions and provide actionable recommendations.
- Lead technical workshops to support the risk assessments activities
- Coordinate and support customer's project team, site engineers, and management with project deliverables.
- Proficient in designing, implementing and maintaining, monitoring platform, log management systems, and correlation engine.
- Support the architecture design and recommend enhancement of Cybersecurity capabilities in OT environment.
- Proficient in vulnerability assessment, penetration testing, incident management in IT and OT environment.
- Carry out first responder actions, triaging and containing breaches. Document incidents from initial detection through final resolution.
- Lead incidents response, deployment of IR tools and sensors, advance forensic analysis, and incident response advisor.
- Point of escalation in support of cybersecurity investigations for the industrial environment. Provide guidance on incident resolution and containment techniques.
- Must be capable of advance analysis in respond to security incidents. Securely collect artifacts, analyze for malicious behavior and carry out analysis to determine the root cause of events.
- Lead threat-hunting activities, looking foranomalies. Ingest, analyze and contextualize data and turn that intointelligence for threat assessment and risk management.
- Contribute to the creation, update and distribution of incident response best practices to include response capabilities and recommendations to senior leadership when dealing with incidents that affect the business.
- Must be analytical with detail-oriented analysis and great documentation skills.
- Must have expertise supporting one or various Cloud infrastructure (Azure, AWS, GCP or IBM Cloud)
- Up-to-date with the latest Cybersecurity trends, news and threat landscapes, with OT, IoT, Big Data, Cloud Security, and Digital Transformation.
- Bachelor degree in engineering, computer science, cybersecurity or related IT fields or job experience equivalent with a minimum of eight (8) years of experience
- Candidate must have a strong background in System/Network Architecture, Cybersecurity consulting and fundamentals with Industrial Control Systems (ICS), Operational Technology (OT).
- Experience in building and assessing an OT infrastructure, Security Operation Centre, and Cloud infrastructure.
- Currently holding one or more Cybersecurity industry recognized certifications: (ISACA, ISC2, GIAC SANS, CompTIA, Offensive-Security)
- Vendor specific training and certifications: IBM QRadar, Splunk, Palo Alto, FireEye, Cisco, Microsoft, Amazon (AWS)
- Over 5 years of related experience working in ICS and Operation Technology (OT) environment.
- Knowledgeable with NIST Cybersecurity Framework (CSF), ISA 62443, NIST800-82, MITRE ATT&CK and d3fend
- Over 5 years of related experience on a Computer Incident Response Team (CIRT) or a Security Operations Center (SOC)
- Experience in building SOC processes, Playbooks, Correlation rules, and Incident report.
- Experienced in Cloud infrastructure and Cloud security monitoring is a plus.
- Ability to develop and manage professional relationships with clients.
- Excellent in creating reports, presentations, architecture and workflow diagrams, and documentation.
- Communicate effectively (team spirit) with customers, colleagues, and management.
- Expertise in OT equipment from a variety of manufacturers and industrial protocols.
- Expertise and working experience in designing, implementing and monitoring OT sensors from various vendor such as Microsoft, Cisco, Forescout, Nozomi, Claroty, and others)
- Experience working in a SOC environment (Internal or MSSP)
- Experience monitoring enterprise environment. Operation Technology (OT) or ICS.
- Knowledge of numerous of operating systems, from the latest to legacy Windows, UNIX. Embedded OS, platforms is a plus.
- Strong understanding of security incident management, malware management and vulnerability management processes.
- Experience building, integrating, and maintaining SOAR platform: xSOAR, IBM Resilient, TheHive and Cortex
- Willingness to keep skills up to date, supported by training and mentoring.
- Strong written communication skills and presentation skills.
- Self-starter, work independently and adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.
- Ability to install servers and network hardware in server rack if required.
- Comfortable visiting customer sites and wearing Personal Protective Equipment (PPE) hardhat, steel toe boots, mask and others as required by the site)
Thales est un employeur offrant l'égalité des chances qui valorise la diversité et l'inclusion sur le lieu de travail. Thales s'engage à mettre en place des mesures d'adaptation tout au long du processus de recrutement. Les candidats sélectionnés pour une entrevue et ayant besoin de mesures d'adaptation sont priés de le faire savoir lors de l'invitation à l'entrevue; notre équipe travaillera volontiers avec chaque candidat pour répondre à ses besoins particuliers. Tous les renseignements relatifs aux mesures d'adaptation seront traités d'une manière confidentielle et utilisés uniquement dans le but d'offrir une expérience candidat adaptée.
Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process. Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview. We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.
Banking, Finance and Insurance