At HDR, our transportation specialist focus on providing clients infrastructure solutions. We believe that mobility today should improve overall community well-being and quality of life. Each mode of transportation, each location and each agency is unique. In communities big and small, our approach is to understand each client’s vision and design customized mobility solutions that create strong, vibrant communities.
Throughout the life of a transportation project, we emphasize the importance of data-driven decisions to identify the best solution. Our full-service teams offer complete project life cycle management, from initial capital planning and economic analyses to design and construction management to geospatial data integration and asset management. We also manage large, complex infrastructure programs such as public-private partnerships and design-build projects to help our clients mitigate risks and achieve successful outcomes.
Transportation is experiencing significant mobility advancements with a focus on multimodal transportation systems and road users; and visible economic development achievements with a focus on industry partnerships and technology deployments. OT infrastructure is vital to the operation of U.S. critical infrastructures and is often highly interconnected, containing mutually dependent systems. OT Cybersecurity considerations are now being integrated into our client’s systems and there is significant need to provide support as they secure their systems and networks for reliable and safe operations. HDR’s clients are requesting a variety of services to help make their OT systems more resilient to cyber related issues.
This position will be an integral part of the Cybersecurity Services Group to provide support for our transportation services. The initial focus for this position will to support our clients in defining the scope of cybersecurity assessment needs including OT systems, devices and applications, the industry standard assessment methodologies to be followed and performance metrics including minimum requirements for key topics such as risk categories. Additionally, we assist clients with reviewing vendor qualifications and required deliverables for critical infrastructure.
- HDR Transportation group representative for Cybersecurity Services Group Steering committee
- Actively participate in scope development, project risk reviews and development of project approaches for risk mitigation
- Maintain a working knowledge of secure networking standards to include NIST-800, ISA-62443, ISO 27001, and others as required by client.
- Assisting client in identifying the types and nature of potential, high-level OT cybersecurity risks and threats as defined by ISA 62443 standards through literature reviews and industry practices to establish a minimum basis of topics to be addressed through risk assessment activities performed by others.
- Develop and provide internal/external training/mentorship on cybersecurity/network topics.
- Provide network and system specification documentation deliverables to address cybersecurity vulnerabilities and the security controls necessary to mitigate the vulnerabilities to an acceptable level of risk.
- For multiple facility design or design-build projects, serve as the project team’s cybersecurity consultant to facilitate reliable, safe, and secure network and system designs satisficed by the various project constraints (cost, schedule, resources, risk, capability, regulations, industry cybersecurity standards, etc.).
- Participate in project meetings and coordinate deliverables with clients and other HDR team designers, programmers, implementers, architects, and engineers.
- Provide post project QC design validation reviews to insure conformance with specifications
- Provide client consulting assistance to include master planning in conformance with standards, policies, procedures, and directives relevant to the owner/client industry.
- Lead, manage, or QC review other HDR Cybersecurity/Engineering deliverables in the project delivery of cross-sector cybersecurity services.
Keywords: #158753; Operational Technologies Cybersecurity Director; Cybersecurity, ICS, OT, RMF, Industrial Control Systems, Networking, Firewalls, VM, IDS, Intrusion Detection System, PLC, BMS, BAS, BCS, UCS, UMCS, HMI, SCADA, Modbus, CIP, TCP/IP
This position requires the following skills, attributes and experience:
- Bachelors Degree in technical field similar to the following: Electrical Engineer, Automation Engineer, Computer Engineering, and Computer Science
- CISSP or GICSP
- Control systems expertise.
- IT experience / certification in working, encryption, programming, scripting, database design.
- Expected to have knowledge of TCP/IP, UDP, and other communications protocols
- Experience with C, C#, Java, Python, and other software programming languages and tools such as PCAP files, network sniffers, etc.
- Expected to have a high degree of familiarity with the integration of cyber security and enterprise business management, especially as it pertains to critical infrastructure networks deployed by State DOT’s, municipalities, and others.
- Working knowledge of the Department of Homeland Security’s Cyber Security Assessment Tool (CSET), the NIST Cyber Security Framework, and other similar evaluation tools.
- Experience with common IT systems employed for roadway networks including; wireless transfer, fiber optic networks, Layer 2 and Layer 3 switches, firewalls, cellular and other types of similar devices.
- Knowledge of and experience with common cyber-security threats such as a Denial-of-Service, Ransomware, etc. attacks and approaches to mitigate those threats.
- Project Management experience
- Security experience
- Cybersecurity Standards experience (ISA 62443, NIST 800 Series, ISO, NERC/FERC, etc.)
- 10+ years of experience in ICS solutions design, development, deployment, and commissioning in a virtual and/or cloud based hosting environment
- ICS network design experience and familiarity with the Purdue Model
- Multiple equipment manufacturers and OT protocols
- SCADA, PLC Programming, HMI, Operator Interface Terminals
- 3+ years of experience working in critical infrastructure (Transportation, Federal/DoD, Oil & Gas, Chemical, Water/Wastewater, Power Generation, etc.)
- MS Word / Visio skills for project documentation and detailed network design (example work may be requested subject to confidentiality)
- Strong team player with excellent communication and documentation skills
- Ambition to learn and willingness to improvise/compromise based on client/project resources, limitations, and capabilities
- US Citizenship
- Travel (~15-25%): North America
- Demonstrated commitment to HDR values. An attitude and commitment to being an active participant of our employee-owned culture is a must.