We have been assigned by Canadian Nuclear Laboratories (CNL) to look for an experienced Cyber Security Engineer.
CNL’s cyber security research team conducts leading edge research in cyber security of instrumentation and control systems in the nuclear industry and for critical infrastructure. Digital security concerns and evolving standards and regulations are driving demand for safe and secure solutions by both business and industrial consumers. Unlike IT systems, industrial control systems are often bound by strict regulatory requirements and rigorous change controls that introduce complexities, risks and costs that are substantially higher for any modernization or modification and therefore requires specialists in Instrumentation & Control (I&C) systems with cyber security expertise.
This is a permanent role or a contract role, ideally fulle-time based in Fredericton (New Brunswick, Canada).
The Cyber Security Engineer must haveexperience in cyber security as applied to instrumentation and control systems in order to pursue R&D projects.
- Utilize advanced methods to develop cyber security assessment and penetration testing methodologies for industrial control applications.
- Serve as a core member of the cyber security research group, with particular emphasis on cyber security of instrumentation and control (I&C) systems.
- Propose, develop, and lead technical projects to evaluate cyber security solutions using a combination of electrical, I&C, and computer engineering.
- Support product development of cyber security products and services for critical infrastructure.
- Conduct security assessments of I&C equipment using recognized standards and guidelines.
- Develop methodologies to mitigate vulnerabilities in I&C equipment and applications (e.g., penetration testing, change management, vendor management);
- Propose new cyber security techniques and technologies and design, develop, test and validate these new capabilities with the goal of developing practical and innovative cyber security solutions for industrial control applications.
- Responsible for guiding the work of junior scientists/engineers or technicians assigned to a common project.
- We are currently recruiting applicants that are legally entitled to work in Canada.
- Undergraduate degree in Computer Science, Engineering, or Applied Mathematics10 years of relevant experience in I&C systems technology, or information security/cyber security technology
- Significant practical knowledge and hands-on experience with:
- I&C domain protocols and standards such as MODBUS and OPC
- Design and implementation of control system network architectures
- Programming PLCs, HMI SCADA systems such as Siemens, Allen Bradley and Triconex
- Specifying field instrumentation, PLC and SCADA hardware, and wiring design
- Recognized industry standards and guidelines
- Knowledge and/or experience with cyber security technologies a strong asset (e.g., intrusion detection systems, forensic analysis tools, next generation firewalls, application control, whitelisting, AV, encryption, automated auditing, analytics), and advanced persistence threats, zero day exploits, malware attack vectors and threat intelligence
- Ability to handle software and hardware problems.
- Higher education (MSc, and/or PhD) is an asset.
- Specialized knowledge/expertise in a particular area of cyber security would be an asset (e.g., machine learning, secure system design, vulnerability assessments, wireless security).
- Since it is recognized that applying cyber security solutions to I&C systems is experience that candidates may lack, a demonstrated interest in the area combined with an ability to learn quickly will be considered.
Depending on the experience and the type of contract (permanent or freelance)