Horizon Industries Limited is a dynamic IT and Management Consulting firm based in the Washington, DC area. They are currently seeking an Operation Technology Security Engineer for a full-time, remote position supporting the Defense Logistics Agency (DLA), responsible for ensuring the security of operational technology systems and addressing cybersecurity requirements.
Responsibilities:
- Performs a variety of routine project tasks applied to specialized information assurance problems with operational technology (OT) systems
- Tasks involve integration of OT processes or methodologies with information systems to resolve total system problems, or technology problems as they relate to Cybersecurity requirements
- Analyzes information security requirements
- Applies analytical and systematic approaches in the resolution of problems of workflow, organization, and planning
- Provides security engineering support for planning, design, development, testing, demonstration, and integration of OT systems
- Updates and tracks POA&M entries by documenting findings, logging remediation actions, and keeping milestone dates current to ensure issues move toward closure
- Experience performing OT-specific risk assessments, identifying threats, vulnerabilities, and operational impacts
- Ability to recommend risk-based mitigation strategies tailored to OT constraints
- Familiarity with secure configuration baselines, hardening procedures, and compliance enforcement
- Experience deploying and tuning security monitoring solutions for OT environments, including anomaly detection and threat intelligence integration
- Ability to develop and implement OT-specific incident response plans
- Knowledge of forensic techniques and tools appropriate for OT systems
- Understanding of patch management workflows and enterprise change management processes
- Ability to build automated workflows for vulnerability remediation, compliance checks, or reporting
- Proficiency with analytical tools such as Microsoft Excel, Access, Power BI, and Power Platform
- Ability to generate clear, accurate, and audit-ready cybersecurity reports for technical and leadership audiences
- Experience producing analytics and trend reports using data from scanners, configuration tools, and monitoring platforms
- Understanding of vendor and supply chain security practices for OT equipment and services
- Experience bridging IT and OT cybersecurity requirements to ensure aligned policies and protections
- Ability to translate technical findings into actionable recommendations for engineers, operators, and leadership
- Strong research, analytical, and problem-solving abilities
- Excellent written and verbal communication skills, including briefing senior leaders
- Proven ability to work independently and collaboratively with minimal oversight
- Commitment to staying current on emerging OT threats, vulnerabilities, and best practices
Requirements:
- Seven (7) years of relevant OT Cybersecurity experience
- Experience with OT communication protocols such as Modbus/TCP, EtherNet/IP, IEC 61850, ICCP, DNP3, BACnet, and similar industrial protocols
- Strong understanding of OT systems including SCADA, ICS, DCS, PLCs, HMIs, RTUs, and field devices
- Knowledge of secure OT network architectures, including segmentation, firewalls, IDS/IPS, and network monitoring solutions
- Understanding of secure remote access technologies and best practices for OT maintenance and monitoring
- Experience managing software and firmware updates for OT devices while minimizing operational disruption
- Proficiency with OT‑relevant cybersecurity frameworks such as NIST CSF, ISA/IEC 62443, and NERC CIP
- Familiarity with DoD cybersecurity requirements including STIGs, TCG configuration guides, IAVMs, and Task Orders
- Experience preparing environments for DoD cybersecurity inspections
- Ability to develop, maintain, and validate cybersecurity artifacts and documentation
- Understanding of compliance requirements for OT environments and industry‑specific regulatory obligations
- Proficiency in conducting vulnerability assessments across networks, databases, applications, and OT/IT systems
- Knowledge of vulnerability scanning and asset visibility tools (ACAS, Nessus, Qualys, Forescout, EyeInspect)
- Required to possess a DOD SECRET Clearance
- Required Training Certifications In: ICS300 or relevant Operational Technology “OT” or Industrial Control System “ICS” Cybersecurity Certifications
- Forescout
- DLA approved CE (M Account Access)
- Current Requirement: DOD 8570 - IAT 2
- Future Requirement: DOD 8140
- Primary Cyber Work Role:
  - Work Element: Cybersecurity (CS)
  - Work Role: 722 - Information Systems Security Manager
  - Proficiency Level: Intermediate