Industrial Cybersecurity Consultant

Industrial Cybersecurity Consultant

STSI is looking for a Cyber Security Consultant who is detail oriented, has an investigative mind, and can dig into remediation issues. The candidate will conduct security audits, implement change plans in IT & OT environments, and assess security and PLC controls. Experience with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) guidance, Allen‑Bradley PLC, and Modbus PLC universal communication protocol is required.

Type: Full‑time Contract – W2 ONLY, candidate must be a U.S. Citizen (non‑negotiable)

Compensation: $50.00 – $60.00 USD per hour

# of Positions: 3–5

Location: Richmond, VA and Glen Allen, VA

Travel: 80% – 100% (only local candidates in the state of Virginia are accepted; candidates must be able to drive to different locations/offices in VA, use their own vehicle, and possess a valid driver’s license)

Expense: Miles, hotel (when required), and food are reimbursed

Schedule: Daylight, Monday through Friday

Reports to: Director of Network & Endpoint Security, Project Manager & Delivery Lead

Position Summary
The Cybersecurity Consultant will independently execute significant portions of projects addressing Information Technology (IT) and Industrial Control System security. The role supports projects such as network penetration testing, web application security testing, cybersecurity vulnerability assessments, secure system design and integration, and development of cybersecurity programs at client sites across the U.S. and Canada. The consultant will employ the NIST Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), and other relevant compliance frameworks to plan, design, develop, and implement technical controls, procedures, and policies.

• Maintain the highest level of integrity, protecting the confidentiality and security of all clients and project information.
• Identify and diagnose operational issues and implement design alterations to address these issues.
• Conduct network penetration tests and vulnerability assessments of IT and OT networks for compliance and security purposes.
• Perform detailed post‑event analysis of unusual events and direct needed procedure or process changes.
• Pursue, obtain, and maintain industry‑recognized IT certifications related to cybersecurity (e.g., ethical hacking, network engineering, Industrial Control System (ICS), Supervisory Control and Data Acquisition (SCADA), risk management).
• Resolve technical issues, analyze implications to the client’s business, and communicate them to applicable stakeholders.
• Develop policies & procedures for secure control‑network design, provide technical and design recommendations for firewalls and other security controls.
• Compile technical documentation of network traffic, firewall services, and solutions, including explanations and diagrams.
• Work collaboratively with other groups and divisions inside the company.
• Comply with all policies and standards.

• Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering, Electrical Engineering, or related technical field with a minimum of 3 years of relevant experience.
• Advanced knowledge of security principles and cybersecurity technologies, and industry‑recognized certifications.
• Experience with vulnerability assessments, penetration tests, and associated tools/techniques.
• Experience with cybersecurity controls such as firewalls, access control, authentication, anti‑virus/anti‑malware, patching, and logging.
• Advanced knowledge of control systems used by utilities, manufacturing, oil and gas, transportation, smart buildings, and cities.
• Strong written and oral communication skills.
• Strong analytical and critical thinking skills.
• Ability to operate under pressure and tight deadlines, in on‑site industrial, corporate, and government environments.
• Demonstrated ability to make sound decisions based on good security practices and principles.
• Understanding of business principles and operational security practices specific to engineering/security consulting.
• Knowledge and/or experience with corporate policies and procedures.
• Strong technical writing skills; knowledge of modern and legacy computer networking and telecommunications.
• Experience with physical cabling for network communications and control‑system input/output.
• Ability to obtain and maintain access to current and future client sites.

We are an Equal Opportunity Employer and do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other legally protected status. All qualified applicants will receive consideration for employment without regard to any of these characteristics.