ICS Cybersecurity Engineer/Segmentation/RA

We are seeking a highly skilled and innovative ICS Cybersecurity Engineer/Segmentation/RA to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities

• Design secure segmentation architectures for ICS/OT environments using zoning, conduits, and access‑control strategies aligned with IEC 62443 and NIST SP 800‑82.
• Conduct risk assessments evaluating exposure, safety impacts, threat vectors, and potential operational consequences for industrial control systems.
• Develop mitigation strategies, firewall/ACL policies, network isolation controls, and secure remote access designs to reduce lateral movement and operational disruption.
• Create and validate segmentation diagrams, data‑flow models, and conduit definitions to support secure integration of ICS/OT with enterprise networks.
• Produce remediation roadmaps, technical risk reports, and prioritized POA&Ms that support resilience and regulatory/compliance requirements.
• Coordinate with control system engineers, network teams, SOC/CIRT, and safety stakeholders to validate designs and minimize safety/availability impacts.
• Oversee testing and validation of segmentation controls (risk acceptance tests, functional verification, failover behavior) in lab and production staging environments.
• Maintain configuration/change records, evidence for audits, and documentation supporting accreditation and continuous monitoring.
• Mentor engineering teams on ICS security best practices and integration of segmentation into lifecycle processes.

#ENOCS

Qualifications

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Clearance: Active TS/SCI clearance.

• Candidate must meet ONE of the following:

  • Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR
  • Relevant DoD/military training (examples: F07DZZ1; M03385G; M10395B; M223854; A‑531‑0021; W‑250‑0750; A‑150‑1980; A‑102‑8484; A‑150‑1250; A‑150‑1940A; A‑150‑1941; A‑150‑1903; A‑102‑3131; A‑150‑1855; A‑150‑1940; A‑113‑0205; A‑113‑0175; A‑113‑0018; A‑113‑0382; A‑113‑0027; A‑113‑0383; A‑113‑0202; A‑113‑0233; DISA (451) Training (Linux/Windows); System Administrator (Intermediate) Playlist); OR
  • Relevant professional certification or equivalent experience (examples: CompTIA Cloud+; GICSP; GSEC; Security+; SSCP).

• Required experience and skills:

  • Cybersecurity, network, or ICS/OT engineering experience with at least 3 years designing/implementing segmentation or network security for industrial/control environments.
  • Deep knowledge of IEC 62443, NIST SP 800‑82, ICS protocols, safety considerations, and impact of security controls on availability and safety.
  • Hands‑on experience authoring firewall/ACL policies, conduit definitions, zone architecture, and secure remote access designs for OT/ICS.
  • Proven ability to perform technical risk assessments, produce remediation roadmaps, and coordinate cross‑functional mitigation efforts.
  • Experience validating segmentation through testing (packet traces, functional tests) and integrating telemetry into SOC/CIRT detection workflows.
  • Strong documentation skills for architecture diagrams, change records, and audit/evidence artifacts.

• Desired:

  • Prior DoD/industrial control/utility or ARNG ICS/OT security experience.
  • Experience with industrial network devices, protocol analyzers, and secure gateway/DMZ implementations for ICS.
  • Familiarity with safe failover testing, control‑system vendor constraints, and coordinating security with safety engineers.

#ENOCS