Consultant Industrial Cybersecurity

Industrial Cybersecurity Consultant

STSI is looking for a Cyber Security Consultant who is detail oriented and willing to utilize their investigative mind to dig into remediation issues, conduct security audits, and implement change plans in IT & OT environments. Ideal candidates have experience assessing security and PLC controls, maintaining up‑to‑date understanding of guidance from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and a firm understanding and experience with Allen Bradley PLC and Modbus PLC universal communication protocol.

Full‑time Contract – W2 ONLY. US Citizen (non‑negotiable).

$50.00 USD to $60.00 USD per hour.

3–5 vacancies.

Richmond, VA and Glen Allen, VA.

80% – 100% local travel within Virginia. Must have a valid driver’s license.

Miles, hotel (when required), and food are reimbursed.

Daylight, Monday through Friday.

Director of Network & Endpoint Security, Project Manager & Delivery Lead.

The Cybersecurity Consultant will independently execute significant portions of projects addressing IT and Industrial Control System security. Responsibilities include network penetration testing, web application security testing, vulnerability assessments, secure system design, and development of cybersecurity programs at client sites across the U.S. and Canada, utilizing the NIST Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), and other compliance frameworks.

• Maintain highest level of integrity, protecting confidentiality and security of all clients and project information.
• Identify and diagnose operational issues and implement design alterations.
• Conduct network penetration tests and vulnerability assessments of IT and OT networks.
• Perform detailed post‑event analysis of unusual events and direct needed procedure or process changes.
• Pursue, obtain, and maintain industry‑recognized IT certifications related to cybersecurity such as ethical hacking, network engineering, Industrial Control System (ICS), SCADA, risk management, and others.
• Resolve technical issues, analyze implications to the client’s business, and communicate them with applicable stakeholders.
• Develop policies and procedures for secure process control network design and implementation of firewalls and other security controls.
• Compile technical documentation of network traffic and firewall services, including explanations and diagrams.
• Collaborate with other groups and divisions within the company.
• Comply with all policies and standards.

• Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering, Electrical Engineering, or a related technical field and a minimum of 3 years of relevant experience.
• Advanced knowledge of security principles and cybersecurity technologies, and industry‑recognized certifications.
• Experience with vulnerability assessments, penetration tests, and the associated tools and techniques.
• Experience configuring cybersecurity controls such as firewalls, access control, authentication, anti‑virus/anti‑malware, patching, and logging.
• Advanced knowledge of control systems utilized by utilities, manufacturing, oil and gas, transportation, smart buildings, and cities.
• Strong written and oral communication skills.
• Strong analytical and critical thinking skills.
• Ability to operate under pressure and tight deadlines on site.
• Demonstrate sound decision‑making based on good security practices and principles.
• Understanding of business principles and operational security practices specific to engineering and security consulting.
• Knowledge of corporate policies and procedures.
• Strong technical writing skills; experience with modern and legacy computer networking and telecommunications.
• Experience with physical cabling for network communications and control system I/O.
• Ability to obtain and maintain access to current and future client sites.

We are an Equal Opportunity Employer and do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other legally protected status. All qualified applicants will receive consideration for employment without regard to any of these characteristics.