Your Role:

The Senior Security Consultant is responsible for architecting a Vulnerability Management solution leveraging Tenable solutions based on established industry standards and Tenable best practices. Senior Security Consultants should be able to assess and advise clients on best practices for reducing Cyber Exposure risks across their entire attack surface.

In addition, the Sr. Security Consultant will lead and execute on engagements in mission critical operational environments (Industrial Control System (ICS) / Operational Technology (OT)), often having a direct impact on improving security across multiple critical infrastructure industries. The consultant will design and architect secure control system environments and technologies across some of the world's leading organizations in oil & gas, and utilities, as well as chemical, technology & communications, manufacturing, transportation, health & life sciences.

Your Opportunity:

• Executing client engagements that exceed expectations based on strong understanding of the client’s business and their unique needs by:

  • Providing recommendations on architecture, deployment, and configuration of Tenable solutions

  • Providing best practices regarding usage of ICS/OT, SecurityCenter, Nessus and Tenable.io in client environments

  • Advising clients on process best practices enabled by Tenable solutions

  • Advising on integration scenarios to clarify desired workflows and outcomes

  • Research client needs/requirements and identify areas where changes can make maximum impact

  • Review, assess and recommend security controls associated with client environments (i.e., IT Assets, infrastructure, network, SCADA, ICS/OT systems, etc.)

  • Creating additional value for clients through continual insights and consultative advice based on experience with the Tenable products, the client, their industry, established standards, and industry/company best practices

  • Assist clients with installing, configuring, and operating Tenable solutions

  • Develop scan policies, assets, scans, dashboards and reports to meet client needs

  • Assist client with upgrades and migration to new hardware or software versions

  • Training client staff on implementation, configuration and best practices usage of Tenable solutions as needed

• Industrial Control System (ICS) / Operational Technology (OT)

  • Develop effective processes, procedures and tools that aid in the design and support of ICS/OT architecture and solutions; and review existing controls for additional improvement and/or enhancement

  • Provide subject matter expertise and support solution shaping in the field of IT Network and ICS/OT Security

  • Assist in building and diversifying the larger PS team to help deliver ICS/OT design services, consulting and managed services to internal and external clients

• Develop and maintaining positive partnerships with clients

• Support the Professional Services Engagement manager in pre- and post-sale business development activities to include:

  • Conduct in-depth needs analysis with technical staff to determine requirements and specifications of post-sales engagements in line with Tenable best practices

  • Support and or write the development of Statements of Work

  • Help identify further revenue opportunities by promoting deeper and broader deployment of Tenable solutions and services

• Liaise with Tenable Technical Support when dealing with an onsite client escalation

• Enable Tenable partners by training, mentoring, certifying, and validating

• Documentation of methods and best practices for use internally and with clients

• Contribute to the development and maintenance of internal delivery methods and tools

• Mentor fellow consultants on best practices, lessons learned, tactics and strategies for improving client experiences

• Travel: Willing and able to travel to client sites up to 50%

What You'll Need:

• Bachelor's degree OR 8+ years experience in Networking, IT, security, risk management or professional services

• Recent in-depth experience performing vulnerability analysis, configuration audits, security monitoring within ICS environments

• Deep understanding of Cyber Exposure to include the lifecycle states, as well as network / ICS/OT asset classes

• In depth knowledge of, ICS environments including Programmable Logic Controls (PLCs), Human Machine Interfaces (HMIs), and other field devices such as smart sensors

• In Depth knowledge of ICS technologies and how they are deployed in different industry verticals

• Understanding of ISA 95 / Purdue Model

• In depth knowledge of networks, Linux/Unix and Windows administration, patch deployment and system configuration

• Advanced networking skills from architecture, segmentation, packet captures, protocols, VLANs, WLANs, Firewalls and troubleshooting

• Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA) architecture

• Strong analytical, interpersonal, communication and writing skills

• Understanding of security principles, policies and industry best practices

• Knowledge of auditing / compliance frameworks (e.g., ISO, PCI, GLBA, NIST, HIPAA, NEI 13-10 etc.)

• Understanding common network monitoring tools such as IDS/IPS

• Knowledge of Cyber Threat Landscape, common breach techniques and associated vulnerabilities

• Consulting skills with an emphasis on client management, objection handling and a commitment to client success

• Security Clearance Preferred

And Ideally:

• Certifications - GIAC Global Industrial Cyber Security Professional (GICSP), Practical Network Penetration Tester Certification (PNPT), Offensive Security Certified Professional (OSCP), GIAC Critical Infrastructure Protection (GCIP), GIAC Response and Industrial Defense (GRID).