Job Description

About ITnova:  

• ITnova is an IT and engineering consulting company dedicated to supporting government agencies with innovative and flexible IT solutions. With our advanced technology, we are committed to supporting the Federal and State government’s mission and goals while providing seamless customer service.   

• At our company nothing is more important than our people. Supporting and protecting our employees, families, and community has been, and continues to be, our focus.  

Location 

• Hybrid with onsite work at 2 Montgomery Street, Jersey City NJ with possible meetings at other Port Authority Facilities in the NY/NJ area 

Scope of work 

The ICS Consultant – Specialist II shall work with the Cyber Security group of the Port Authority’s Technology Department (TEC), which is responsible for managing the Cyber Security for the agency. These individuals will provide program leadership and work closely with a variety of stakeholders throughout the Port Authority of NY and NJ to reduce the risk profile of the vast Operational Technology, Industrial Control System (ICS) and SCADA resources found throughout the Authority’s operating and information environments. 

JOB RESPONSIBILITIES: 

The successful candidates may work independently as well as with both consultants and Agency staff resources of different Units and Departments throughout the Agency to deliver work products including but not limited to: 

• Evaluate Port Authority OT/ICS/SCADA cyber security policies, processes, and technical controls. Apply leading cyber security frameworks in an asset management system program. 
• Ensure that business line departments can maximize the functionality of OT/ICSSCADA systems and devices in a wide variety of operating technology environments that include operations, health, safety, and resiliency. 
• Discover, manage, monitor, and remediate asset inventory of Port Authority (PA) ICS the OT/ICS/SCADA systems and devices, categories of criticality, system attributes and crucial information for the purpose of applying risk management controls. 
• Work with business line units, support vendors, Security Operations Center and PANYNJ IT network staff to conduct a thorough and effective assessments and remediation strategies. 
• Assess the robustness of cybersecurity architectures, technologies, and procedures being implemented within organizational facilities, especially oriented toward host-based and network-based environments. 
• Plan and execute security assessments, utilizing network monitoring systems to collect network traffic log data and security analytics methodologies to identify potential cyber threats and system gaps. 
• Develop detailed risk assessment reports, which explain identified gaps in policies, describe potential business risks, and create prioritized recommendations with estimated costs and effort levels for remediation. 
• Develop strategic and tactical objectives to include new ICS product and service offerings, identify additional business line unit needs, and generate program and project management plans. 
• Assist with converting standalone ICS systems to interconnected devices where assessments have determined that functionality and security dictate regular and/or remote access. 
• Assist with disconnecting ICS systems or devices where assessments have determined that functionality and security dictate isolation from external connections. 
• Maintain knowledge of current security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Threat Assessments, Risk Analysis, Identity Management, Access Management, and data storage Services. 
• Solve complex digital and operational security problems facing Industrial Control Systems (ICS) used throughout the PA business line unit technology environment(s). 
• Design comprehensive technical solutions that meet client requirements and implement the appropriate software to mitigate critical security risks (e.g., system and mobile antivirus software, encryption modules, patch management programs, insider threat protection, incident response plans, forensic capabilities, and regulation compliance). 
• Securing cross-domain IT/OT communications and pathways by injecting the ICS team in ICS project development processes from planning through engineering, procurement, implementation, operations, and maintenance. 

 MINIMAL EXPERIENCE AND QUALIFICATIONS 

• Minimum of 5 years of hands-on experience as an ICS and SCADA security leader and/or manager across multiple industrial critical infrastructure sectors. 
• Minimum of 4 years’ experience providing same or similar services to the Port Authority of NewYork and New Jersey. 
• Minimum of 5+years’ experience with security frameworks such as: IEC 62443, NIST SP 800-82, NIST-CSF, NERC-CIP, NEI 08-09, or other industrial control framework(s). 
• Solid understanding of OT/ICS/SCADA infrastructure and industrial network monitoring solutions. 
• Experience creating ICS Functional Design Specifications and Detailed Design Specifications. 
• Demonstrated Claroty expertise with specific focus on advanced tuning techniques, dashboards, and reporting metrics. 
• Technical writing ability to draft security assessment report, concepts of operation, standard operating procedures, standards & guidelines. 

Desirable Qualifications 

Verifiable proof of two or more of the following certifications: 

• Certified SCADA Security Architect (CSSA) 
• Certified Information Systems Security Professional (CISSP) 
• SCADAHacker™- Critical Infrastructure Security 
• Certified Information Systems Auditor (CISA) 
• CompTIA Security + CE Certification (SEC+CE) 
• Certified Information Law Specialist (GLEG) 

JOB REQUIREMENTS: 

• Must currently possess The Secure Worker Access Consortium (SWAC) credential. 
• Must sign PA Non-Disclosure Agreement.