Cybersecurity Consultant

Canada, Canada

Job Description


Location: Canada_Remote, Canada

In fast changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrow's possible.

Position Summary

This is a remote position within Ontario, Canada.

Thales is looking for a Cybersecurity Consultant with proven experience working with Enterprise, Industrial, Critical Infrastructure, and Operational Technology (OT) environments. The candidate should possess a good understanding of industrial control systems (ICS) fundamentals, be equipped with hands-on experience in assessing, troubleshooting and securing control systems and in working with various vendors, and be knowledgeable about communication protocols such as TCP/IP, MODBUS, ICCP, DNP3, RTU, OPC, HMI, PLC, distributed control system (DCS) and supervisory control & data acquisition (SCADA). Must be able to evaluate the network architecture, distinguish the Enterprise (IT) and Operational Technology (OT) environments and identify cyber risks at each Purdue level.

In addition, the Cybersecurity Operations Centre (CSOC) team will rely on your contribution to perform in-depth analysis of digital artifacts, identify malicious operations and evaluate the real impact in order to resolve incidents quickly and efficiently. This is a key role when it comes to responding to customer's security incidents. The role requires in-depth knowledge and technical skills in Security Operation Centre (SOC), SIEM and SOAR, Incident Response, log and network analysis, Network security (Firewall, WAF, IDS/IPS), and Enterprise and OT infrastructure. This includes using troubleshooting tools to analyze and respond to cyber threats, writing scripts to aid in quick analysis and response, and responding to security events. Previous work experience in ICS/OT and Cybersecurity consulting is vital for this role.

Key Areas of Responsibility

The Cybersecurity Consultant is responsible for providing business-driven, cost-effective advice on the management of risk and security vulnerabilities for Enterprise (IT) and Operational Technology (OT) customers. You will support the development of Cybersecurity practices including but not limited to:

  • Deliver IT and OT assets discovery including logical and physical site assessments.
  • Recommend implementation of new OT controls to provide more cost-effective risk mitigation.
  • Deliver Cyber Risk assessment for IT or OT environment including Security Architecture review.
  • Deliver reports with pragmatic solutions and provide actionable recommendations.
  • Lead technical workshops to support the risk assessments activities.
  • Coordinate and support customer's project team, site engineers, and management with project deliverables.
  • Proficient in designing, implementing and maintaining monitoring platforms, log management systems, and correlation engines.
  • Support the architecture design and recommend enhancement of Cybersecurity capabilities in OT environment.
  • Proficient in vulnerability assessment, penetration testing, incident management in IT and OT environment.
  • Carry out first responder actions, triaging and containing breaches. Document incidents from initial detection through final resolution.
  • Lead incident response, deployment of IR tools and sensors, and advanced forensic analysis, and act as incident response advisor.
  • Point of escalation in support of cybersecurity investigations for the industrial environment. Provide guidance on incident resolution and containment techniques.
  • Must be capable of advanced analysis in response to security incidents. Securely collect artifacts, analyze for malicious behavior and carry out analysis to determine the root cause of events.
  • Lead threat-hunting activities, looking for anomalies. Ingest, analyze and contextualize data and turn that into intelligence for threat assessment and risk management.
  • Contribute to the creation, update and distribution of incident response best practices to include response capabilities and recommendations to senior leadership when dealing with incidents that affect the business.
  • Must be analytical with detail-oriented analysis and great documentation skills.
  • Must have expertise supporting one or more Cloud infrastructures (Azure, AWS, GCP or IBM Cloud).
  • Up-to-date with the latest Cybersecurity trends, news and threat landscapes, with OT, IoT, Big Data, Cloud Security, and Digital Transformation.
Key Requirements
  • Bachelor's degree in engineering, computer science, cybersecurity or related IT fields, or equivalent job experience, with a minimum of eight (8) years of experience.
  • Candidate must have a strong background in System/Network Architecture, Cybersecurity consulting and fundamentals with Industrial Control Systems (ICS), Operational Technology (OT).
  • Experience in building and assessing an OT infrastructure, Security Operation Centre, and Cloud infrastructure.
  • Currently holding one or more Cybersecurity industry recognized certifications: (ISACA, ISC2, GIAC SANS, CompTIA, Offensive-Security)
  • Vendor specific training and certifications: IBM QRadar, Splunk, Palo Alto, FireEye, Cisco, Microsoft, Amazon (AWS).
  • Over 5 years of related experience working in ICS and Operational Technology (OT) environments.
  • Knowledgeable with NIST Cybersecurity Framework (CSF), ISA 62443, NIST 800-82, MITRE ATT&CK and D3FEND.
  • Over 5 years of related experience on a Computer Incident Response Team (CIRT) or a Security Operations Center (SOC).
  • Experience in building SOC processes, Playbooks, Correlation rules, and Incident report.
  • Experienced in Cloud infrastructure and Cloud security monitoring is a plus.
  • Ability to develop and manage professional relationships with clients.
  • Excellent in creating reports, presentations, architecture and workflow diagrams, and documentation.
  • Communicate effectively (team spirit) with customers, colleagues, and management.
Key Qualifications
  • Expertise in OT equipment from a variety of manufacturers and industrial protocols.
  • Expertise and working experience in designing, implementing and monitoring OT sensors from various vendors (such as Microsoft, Cisco, Forescout, Nozomi, Claroty, and others).
  • Experience working in a SOC environment (Internal or MSSP).
  • Experience monitoring enterprise, Operational Technology (OT) or ICS environments.
  • Knowledge of numerous operating systems, from the latest to legacy Windows and UNIX. Embedded OS platforms are a plus.
  • Strong understanding of security incident management, malware management and vulnerability management processes.
  • Experience building, integrating, and maintaining SOAR platform: xSOAR, IBM Resilient, TheHive and Cortex.
  • Willingness to keep skills up to date, supported by training and mentoring.
  • Strong written communication skills and presentation skills.
  • Self-starter, work independently and adjust to changing priorities, critical and strategic thinker, negotiator and consensus builder.
Physical Demands
  • Ability to install servers and network hardware in server rack if required.
  • Comfortable visiting customer sites and wearing Personal Protective Equipment (PPE) (hardhat, steel toe boots, mask and others as required by the site).

Thales is an equal opportunity employer which values diversity and inclusivity in the workplace. Thales is committed to providing accommodations in all parts of the interview process. Applicants selected for an interview who require accommodation are asked to advise accordingly upon the invitation for an interview. We will work with you to meet your needs. All accommodation information provided will be treated as confidential and used only for the purpose of providing an accessible candidate experience.

Thales


Job Detail

  • Job Id
    JD2306292
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Canada, Canada
  • Education
    Not mentioned