Cybersecurity Consultant (OT) at Thales Canada Inc., Defence and Security in Orlando, Florida

Job Description:

Location: Florida, United States of America

In fast changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrow's possible.

Position Summary

The Cybersecurity Consultant must have a proven experience working with Enterprise, Industrial, Critical Infrastructure, and Operational Technology (OT) environment. Possess a good understanding of industrial control systems (ICS) fundamentals. Equip with hands-on experience in assessing, troubleshooting and securing control systems, working with various vendors, knowledgeable with communication protocols such as TCP/IP, MODBUS, ICCP, DNP3, RTU, OPC, HMI, PLC, distributed control system (DCS) and supervisory control & data acquisition (SCADA). Must be able to evaluate the network architecture, distinguish the Enterprise (IT) and Operational Technology environment (OT) and identify cyber risks each Purdue level.

In addition, the Cybersecurity Operations Centre (CSOC) team will rely on your contribution to perform an in-depth analysis of digital artifacts, identify the malicious operations and evaluate the real impact in order to solve in a quick and efficient manner. This is a key role when it comes to responding to customer’s security incidents. In-depth knowledge and technical skills in Security Operation Centre (SOC), SIEM and SOAR, Incident Response, log and network analysis, Network security (Firewall, WAF, IDS/IPS), Enterprise and OT infrastructure. This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events. Previous work experience in ICS/OT and Cybersecurity consulting is vital for this role.

Key Responsibilities

The Cybersecurity Consultant is responsible to provide business-driven, cost-effective advice on the management of risk and security vulnerabilities for Enterprise (IT) and Operational Technology (OT) customers. You will support the development of Cybersecurity practices including but not limited to:

• Deliver IT and OT assets discovery including logical and physical site assessments


• Recommends implementation of new OT controls across provide more cost effective risk mitigation.


• Deliver Cyber Risk assessment for IT or OT environment including Security Architecture review


• Deliver reports with pragmatic solutions and provide actionable recommendations.


• Lead technical workshops to support the risk assessments activities


• Coordinate and support customer’s project team, site engineers, and management with project deliverables.


• Proficient in designing, implementing and maintaining, monitoring platform, log management systems, and correlation engine.


• Support the architecture design and recommend enhancement of Cybersecurity capabilities in OT environment.


• Proficient in vulnerability assessment, penetration testing, incident management in IT and OT environment.


• Carry out first responder actions, triaging and containing breaches. Document incidents from initial detection through final resolution.


• Lead incidents response, deployment of IR tools and sensors, advance forensic analysis, and incident response advisor.


• Point of escalation in support of cybersecurity investigations for the industrial environment. Provide guidance on incident resolution and containment techniques.


• Must be capable of advance analysis in respond to security incidents. Securely collect artifacts, analyze for malicious behavior and carry out analysis to determine the root cause of events.


• Lead threat-hunting activities, looking for anomalies. Ingest, analyze and contextualize data and turn that into intelligence for threat assessment and risk management.


• Contribute to the creation, update and distribution of incident response best practices to include response capabilities and recommendations to senior leadership when dealing with incidents that affect the business.

• Must be analytical with detail-oriented analysis and great documentation skills.


• Must have expertise supporting one or various Cloud infrastructure (Azure, AWS, GCP or IBM Cloud)


• Up-to-date with the latest Cybersecurity trends, news and threat landscapes, with OT, IoT, Big Data, Cloud Security, and Digital Transformation.

Key Requirements

• Bachelor degree in engineering, computer science, cybersecurity or related IT fields or job experience equivalent with a minimum of eight (8) years of experience


• Candidate must have a strong background in System/Network Architecture, Cybersecurity consulting and fundamentals with Industrial Control Systems (ICS), Operational Technology (OT).


• Experience in building and assessing an OT infrastructure, Security Operation Centre, and Cloud infrastructure.


• Currently holding one or more Cybersecurity industry recognized certifications: (ISACA, ISC2, GIAC SANS, CompTIA, Offensive-Security)


• Vendor specific training and certifications: IBM QRadar, Splunk, Palo Alto, FireEye, Cisco, Microsoft, Amazon (AWS)


• Over 5 years of related experience working in ICS and Operation Technology (OT) environment.


• Knowledgeable with NIST Cybersecurity Framework (CSF), ISA 62443, NIST800-82, MITRE ATT&CK and d3fend


• Over 5 years of related experience on a Computer Incident Response Team (CIRT) or a Security Operations Center (SOC)


• Experience in building SOC processes, Playbooks, Correlation rules, and Incident report.


• Experienced in Cloud infrastructure and Cloud security monitoring is a plus.


• Ability to develop and manage professional relationships with clients.


• Excellent in creating reports, presentations, architecture and workflow diagrams, and documentation.


• Communicate effectively (team spirit) with customers, colleagues, and management.

Key Qualifications

• Expertise in OT equipment from a variety of manufacturers and industrial protocols.


• Expertise and working experience in designing, implementing and monitoring OT sensors from various vendor such as Microsoft, Cisco, Forescout, Nozomi, Claroty, and others)


• Experience working in a SOC environment (Internal or MSSP)


• Experience monitoring enterprise environment. Operation Technology (OT) or ICS.


• Knowledge of numerous of operating systems, from the latest to legacy Windows, UNIX. Embedded OS, platforms is a plus.


• Strong understanding of security incident management, malware management and vulnerability management processes.


• Experience building, integrating, and maintaining SOAR platform: xSOAR, IBM Resilient, TheHive and Cortex


• Willingness to keep skills up to date, supported by training and mentoring.


• Strong written communication skills and presentation skills.


• Self-starter, work independently and adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.

Physical Demands

• Ability to install servers and network hardware in server rack if required.

This position will require successfully completing a post-offer background check. Qualified candidates with (a) criminal history will be considered and are not automatically disqualified, consistent with federal law, state law, and local ordinances.

Successful applicant must comply with federal contractor vaccine mandate requirements.

Thales champions inclusion and we believe diversity strengthens the fabric of our culture. We are an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law

If you need an accommodation or assistance in order to apply for a position with Thales, please contact us at talentacquisition@us.thalesgroup.com.

Salary: