Director of Offensive Security | Industrial Cybersecurity Consulting – 1898 & Co. (Multiple Loc[…]

at Burns & McDonnell
Published February 12, 2024
Location Washington, DC
Category Default  
Job Type Full-time  

Description

Director of Offensive Security | Industrial Cybersecurity Consulting - 1898 & Co. (Multiple Locations) Washington , District Of Columbia

  • Job: Consulting
  • Primary Location: Washington, DC
  • Schedule: Full-time
  • Travel: Yes, 50 % of the Time

Description

1898 & Co. is looking for its next leader within the Security & Risk Consulting group focused on helping our clients secure their operational technology and assets. The Director of Offensive Security within the Industrial Cybersecurity Consulting group will lead the group of project managers that provide consulting service offerings from 1898 & Co.’s Security & Risk Consulting group, reporting to the Security & Risk, Consulting Business Line Leader.

1898 & Co. is a global business, technology and security consultancy serving critical infrastructure industries. We partner with clients to plan, secure, and optimize their business. As part of Burns & McDonnell and our 120 years of industry experience, we understand the complexity of the asset-intensive business model, the trends impacting the industry, and the need to ground big ideas in operational realities.

We have a group specifically focused on industrial cybersecurity. When it comes to industrial cybersecurity, critical infrastructure industries face unprecedented challenges. The risk of cyber sabotage is on the rise. And evolving technologies create complexities that are increasingly difficult to manage. Our team is among the small pool of professionals who can operate at the intersection of critical infrastructure and cybersecurity.

We’re looking for someone ready to take the lead of the Offensive Security team with an entrepreneurial spirit and to implement our core values into their work. 1898 & Co. has the feel of a start-up, with the support of Burns & McDonnell’s vast resources. It’s what makes us unselfish collaborators. We proactively walk the talk to create bigger opportunities through sharing, communicating, and candidness. We are energy-givers who maintain a broader view of success, prioritizing others’ needs and goals in addition to our own.

1898 & Co.’s Business Lines facilitate a strategic approach to selling services, developing staff, and maintaining client relationships. The Director of Offensive Security primary responsibility is to help lead the Security Consulting Offensive Security Delivery team to meet the near-term goals and long-term vision for the Business Line that supports the growth of 1898 & Co. The Director of Security Consulting Offensive Security displays grit in their leadership role and the work they deliver. They are confident and willing to take it to the next level.

The Director of Offensive Security will be required to lead a team of penetration testers that work with numerous entities within a variety of industries, including energy, utilities, manufacturing, and government.

What You’ll Do:

As a Director of Offensive Security, you will be responsible for and manage the Offensive Security group within the Business Line of Industrial Cybersecurity Consulting service offerings. You’ll work with the Consulting Business Line Leader to support overall business planning, while being responsible for the Offensive Security group’s Profit and Loss. You’ll lead the group of penetration testers responsible for project execution, and team leadership. Key responsibilities will include:

You’ll support the Consulting Business Line to help create, develop, manage, and communicate the strategic direction of the Consulting Business Line. In collaboration with the Business Line Leader, you’ll help set financial targets for the Offensive Security team, such as sales, revenue, profitability, and chargeability, as well as budgets for overhead expenses, such as marketing trips, conferences, software, certifications, etc. You’ll help prepare and manage a business plan for the strategic growth of the Consulting Business Line, including expansion of current and new service offerings, marketing activities, client retention and acquisition, and staff growth plan.

You’ll support a team of penetration testers to facilitate timely, quality, and profitable execution of projects within the Business Line and serve as quality control leader for deliverables. You’re accountable for key financial performance metrics within the Business Line and the execution of projects.

You’ll serve as a Offering Leader on all aspects of project execution, including scope, schedule, and budget, and ensure quality control of deliverables. You’ll analyze and communicate project status, risks, schedule, and costs to all internal and external stakeholders. You’ll lead multi-discipline teams of engineers and analysts. Your communication and planning skills are vital to keeping everyone on the same page with personnel needs to department management.

You will mentor, train, and support the career development of penetration testers within the business line.

Specific responsibilities include:

Overall management of Security Consulting Offensive Security team

Develop and lead a global Security Consulting Offensive Security Strategy supporting the successful delivery of security outcomes across Security Risk & Consulting Delivery.

Serve as the Business Owner of Security Consulting Offensive Security processes, tools and governance, including documentation of all processes (sales engagement and delivery), the training of penetration testing team and assessment of new processes and tools when required.

Create a repository for all delivery documentation; keeping the repository updated

Align Offensive Security team with 1898 CX Principals

Review utilization and assignment of projects -ensuring proper utilization for team members

Monitor and proactively address project risks

Manage penetration testing projects for industrial control systems (ICS), ensuring timely, on budget completion and adherence to established methodologies and guidelines.

Advise on the pursuit and proposal process for client engagements, contributing technical expertise to craft compelling proposals that showcase value of our penetration testing services.

Lead the estimation and resource allocation process for penetration testing engagements, providing insights into project requirements, complexities, and potential challenges, ensuring efficient project planning and execution.

Achieve client-specific cybersecurity goals by identifying vulnerabilities and potential attack vectors in ICS environments and recommending appropriate remediation measures.

Develop comprehensive penetration testing reports that clearly outline findings, risks, and recommendations for improving the security posture of industrial control systems.

Advise clients on best practices for securing their industrial networks and control systems, including network segmentation, authentication, and encryption.

Assign tasks and responsibilities to junior penetration testing engineers, providing guidance and mentorship to develop their skills and expertise in ICS security.

Decide on the scope and objectives of penetration tests, based on client requirements and industry-specific regulations and standards.

Oversee the continuous improvement of internal processes and procedures, promoting a culture of excellence and innovation within the penetration testing team.

Approve and reviews penetration testing methodologies and tools, ensuring their suitability for assessing the security posture of various ICS architectures and technologies.

Authorize using specialized testing techniques, such as social engineering and red teaming exercises, to simulate real-world cyberattacks and evaluate client defenses.

Initiate client communication, establishing a collaborative relationship and maintaining transparency throughout the penetration testing process.

Delegate responsibilities to team members, ensuring a balanced workload and optimal use of resources during penetration testing engagements.

Determine training needs for the team and participates in developing ICS cybersecurity training materials and programs, by level, by role and by specific consultant.

Supervise the assessment of emerging cybersecurity threats and vulnerabilities specific to industrial control systems, incorporating this knowledge into testing methodologies and strategies.

Monitor and ensure CSAT responses on Offensive Security Projects and ensure all engagements are at or above satisfactory for all projects

Enforce strict adherence to legal and ethical guidelines during penetration testing engagements, ensuring that all activities comply with applicable laws, regulations, and industry standards.

Collaborate with other cybersecurity professionals, staying current on industry trends and advancements in ICS security, and contributing to the broader knowledge base of the organization.

Conduct quarterly reviews and provide feedback to Offensive Security team members on progress

Develop and maintain relationships with internal clients (Offering Leaders) to ensure escalation paths are clearly defined

Develop, manage, and update all Offensive Security sales documentation – required for sales, internal training, internal reference, website content, etc.

Other duties as assigned

Qualifications

Bachelor’s degree in a technical field, e.g., (Cybersecurity, Computer Science or Information Systems, Computer Engineering, Electrical Engineering, or another related technical field with appropriate experience).

Minimum 13 years of relevant consulting experience. Preferred: 6-10 years of experience in cybersecurity with at least 3-5 years specifically in penetration testing or vulnerability assessment roles.

Additional applicable years of experience may be considered in lieu of degree requirements.

Advanced knowledge of security principles and firm knowledge of cybersecurity technologies, as well as industry-recognized certifications. At least one industry-recognized certifications is preferred: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), or Certified Penetration Testing Engineer (CPTE).

Cloud Security experience, such as AWS, Azure, GCP.

Threat Modeling Experience

Strong knowledge of various IT protocols, Industrial protocols, ICS/OT security standards (e.g., IEC 62443), and risk assessment methodologies.

Proficiency in using standard penetration testing tools, such as Metasploit, Burp Suite, Nmap, Cobalt Strike and Wireshark.

Proficiency with programming and scripting languages (e.g., Python, Ruby, Java, or C/C ).

Proven leadership experience.

Excellent analytical, problem-solving, and communication skills.

Ability to work independently and collaboratively within a team environment.

Strong attention to detail, facilitation, team building, and collaboration skills

EEO/Minorities/Females/Disabled/Veterans

1898 & Co. is a business, technology and security solutions consultancy where experience and foresight come together to unlock lasting advancements. We innovate today to fuel your future growth, catalyzing insights that drive smarter decisions, improve performance and maximize value. As part of Burns & McDonnell, we draw on more than 120 years of deep and broad experience in complex industries as we envision and enable the future for our clients.

J-18808-Ljbffr