ICS Cybersecurity Expert

ICS Cybersecurity Expert

We are looking for Subject Matter Experts (SMEs) to assist our client with information assurance and cybersecurity activities for Industrial Control Systems (ICS). Activities will be focused on maintaining compliance with the Federal Information Security Management Act (FISMA). Resources will be responsible for ensuring that appropriate security controls are in place, documented, monitored and changed or updated, as necessary.

Work will be based in the Denver, Colorado, area; however, travel to other sites located within the 17 Western states is possible. Resources will be expected to work on site in Denver and full time (40 hours per week) for a period of at least one year and up to five years.


  • Performing risk and security assessments of ICS to support the Security Assessment and Authorization (A&A) process.
  • Developing security documentation, including Asset Inventories, System Security Plans, Contingency and Disaster Recovery Plans, Incident Response Plans, Configuration Management Plans, Continuous Monitoring Plans, Security Impact Analyses, Privacy Impact Analyses, Security Assessment Reports, and Plans of Action and Milestones.
  • Establishing baseline configurations and conducting security impact analyses of configuration changes to ICS.
  • Evaluating the effectiveness of ICS contingency and recovery plans, exercises and training, and developing recommendations for improvement.
  • Developing continuous monitoring plans and metrics for ICS security controls.
  • Supporting the customer’s cybersecurity process improvement initiatives, including asset inventory, asset categorization, task automation and the development of cybersecurity dashboards.
  • Supporting the development of a cybersecurity strategy, framework and implementation plan.
  • Supporting ICS cybersecurity training initiatives.


  • A minimum of 10 years’ experience in IT security, with at least 5 years’ experience in data security and/or security auditing in support of federal A&A processes.
  • A minimum of 2 years’ specific experience in ICS security.
  • Bachelor’s degree in computer science, information security, information systems, information resource management, or related field, or equivalent work experience.
  • Certified Information Systems Security Professional (CISSP) or equivalent certification.
  • Extensive knowledge of government security programs and standards, including FISMA, the NIST Special Publications 800 series, and the Office of Management and Budget Circular A-130.
  • Expert-level knowledge of and experience with FISMA compliance activities, including the development of security documentation and the performance of NIST 800-53 control assessments.
  • Expert-level knowledge of and experience applying the NIST Risk Management Framework principles.
  • Experience conducting security assessments and FISMA compliance activities at federal and/or Department of Defense agencies.
  • Experience conducting and analyzing the results of technical security assessments, including vulnerability scans and configuration audits, using a variety of security tools.
  • Extensive knowledge of cybersecurity threats and vulnerabilities, mitigation techniques and best practices that are specific to ICS.
  • Extensive knowledge of federal privacy requirements and experience conducting Privacy Impact Analyses.
  • Ability to write policies, procedures, guidance, standards and training materials.
  • Excellent written and oral communication skills. Ability to communicate technical findings, associated risks and mitigation recommendations to customer stakeholders.

Apply for this job now