Applied Risk is an established leader in Industrial Control Systems security. We help businesses to protect assets and reduce security risk, providing organisations ranging from Fortune 500 enterprises to small-to-medium sized businesses with the services and solutions they need to transform the way they procure, build, integrate and manage their critical infrastructures. Established in 2012, we have quickly grown to become a major cybersecurity player within the Industrial Automation and Control Systems (IACS).
We are expanding our Industrial Control Systems (ICS) and Industrial Internet (IIoT) security capability globally in order to support growing clients needs in this area. We are looking for Industrial Control Systems Security Consultant with strong experience in critical infrastructure sectors (Power, Oil&Gas, Transportation, Water, Manufacturing etc.) and a variety of cyber security disciplines.
- Leveraging triage skills and a variety of Digital Forensic and Threat Analysis tools when responding to client incidents
- Providing our clients with ongoing support post-incident and providing detailed briefings and reports to executive leadership
- Assessing intrusion signatures, tactics, techniques, and procedures associated with sophisticated cyber breaches
- Perform host and/or network-based forensics across ICS/SCADA systems
- Conduct red-team, penetration testing activities by leveraging actual adversary TTPs
- Assess and develop information security and incident response programs in a proactive fashion to help mature the security posture of organizations prior to an incident
- Lead incident response and proactive engagements
- Produce high-quality written and verbal reports, presentations, recommendations, and findings to customer management
- Demonstrate industry thought leadership through blog posts, conferences, and other public speaking events
- Manage internal programs or teams.
Desired Skills & Experience
- Experience conducting or managing incident response investigations for organizations, investigating targeted threats such as the Advanced Persistent Threat, Organized Crime, and Hactivists
- Experience leading client engagements and investigations
- Experience with operational technologies such as Remote Terminal Units (RTUs),
- Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS) and SIS
- Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, OPC, IEC 101/104, Modbus, IEC 61850, WirelessHART, ISA100 etc.)
- Background in a CNI domain, eg transport, energy, utilities, defence or other heavy industry.
Degrees & Qualifications
- 5-10 years of Digital Forensics or Host-based Forensic Analysis Experience
- Excellent consulting and communication skills
- Good interpersonal skills and a professional image
- Contributing thought leader within the incident response industry
- Ability to foster a positive work environment and attitude.
- Ability and willingness to travel, up to 50%
- OSCP/OSCE, or GCFA, GREM certification
- Bachelor’s or Master’s degree in Computer Engineering, Electrical Engineering, Computer Science or a related technical field
- Fluent in Dutch and English.