Senior Cybersecurity Professional
Many of the world’s top engineers and scientists come together in our Water business because they view a community’s interaction with water a bit differently—as a single holistic system, rather than unconnected networks divided by jurisdictional boundaries. Working throughout the hydrologic cycle, we are delivering sustainable solutions to make sure water is where it should be and available when needed. Our experts guide our work with scientific rigor, an innovative spirit, and a vision for growth. Every day, we help communities improve, reuse, and protect this precious resource for future generations. By 2025 we’re hiring 2,000 people (like you) to join our team. Grow with us, H2O+U.
Your Opportunity
We are looking for a talented Water/Wastewater Senior-Level Cybersecurity professional who will lead teams that protect water OT (Operational Technology) systems from cyber threats by designing, implementing, and monitoring security measures and can create and follow disaster recovery plans in case of emergencies. This Water/Wastewater Senior-Level Cybersecurity professional should have a long and proven track record in protecting and securing large and complicated infrastructure projects and wants to be a leader within our purpose-driven organization that is focused on helping our clients, colleagues and communities thrive.
Our people are Stantec’s most valuable resource, and in joining our team you will be able to leverage your career experiences and expertise in Cybersecurity applied to pumping stations, water treatment and wastewater treatment infrastructure within a culture that values inclusion, celebrates shared success, and applauds ambition.
Your Key Responsibilities
DO: Project Delivery
· In cooperation with the North American I&C Engineering Leads:
o Develop and maintain network design standards and typical cybersecurity solution profiles representative of Stantec clientele across various industries
o For use by design professionals: Establish guidelines for evaluation of client security needs, and conveyance of recommendations and execution strategies to technical and non-technical client representatives
o Develop formal procedures to conduct client authorized network penetration testing to simulate cyberattacks and test the effectiveness of existing security measures
o Develop inventory of network testing and analysis tools, monitoring and management software, penetration testing tools, representative network hardware, and programming tools as necessary to support practical training of department professionals and execution of project specific work tasks.
· Stay continuously educated on new threats or attack vectors and update security policies and tools accordingly. Maintain key cybersecurity and network certifications. Maintain working knowledge of the latest methods for ethical hacking and testing, and support evaluation of new penetration testing tools
· Maintain active engagement in key manufacturer and industry sponsored user-groups
· Project Specific Responsibilities:
o Conduct network and system security reliability and vulnerability audits to evaluate how well an organization’s system conforms to a set of established criteria
o Manage the execution and performance of routine security assessments/audits on networks, systems, code, controls, and applications to assess compliance with security standards and protocols
o Conduct analysis of existing security policies that identify procedures and protocols for accessing and using client IT resources. Recommend written policy improvements, tracking and enforcement mechanism improvements, and any required infrastructure improvements to support
o Use prescribed testing methods to identify means by which network security system and/or application weaknesses may be exploited by bad actors. Record field observation and test results and develop preliminary corrective action recommendations
o Development and execution oversight of security tests on networks, web-based applications, and computer systems. Custom designed tests and tools may be necessary to break into protected applications and networks to probe for vulnerabilities
o Develop summary and detailed field findings and recommendations reports; chair technical development workshops and management level meetings; develop formal execution strategy with prioritized work tasks that represent measurable return on fiscal and labor investment
o Provide oversight of project execution to ensure quality of final product and compliance with engineering intent
o Coordinate and be responsible for the security of project-specific water-related infrastructure
· Work with North American I&C Engineering Leads to establish a team of cybersecurity and network design professionals:
o Manage, lead, and mentor established team
o Mentor developing professionals to guide career development objectives
o Conduct quality reviews of work output and provide technical guidance on design approach and challenges
o Establish training programs for key subject matter topics as well as broad cybersecurity best practices and procedures
o Assist with workload distribution and assignment
o Active engagement in technically complex projects and serve as a technical resource for other team members
o Recognize when technical problems develop and initiate guidance for corrective actions.
· Provide technical support to the Business Center Practice Leader to further the growth of Stantec’s North American business
· Conduct work in a safe manner and promote health and safety within the office and outside of the office while visiting clients and job sites
WIN: Support Business Development Activities
· Assist the Business Center Practice Leader and other Client Account Managers with developing new work in North America specifically related to Cybersecurity for OT projects. Lead and assist with proposals and with preparing the technical aspects for project interviews conducted by clients
· Develop positive relationships with clients in North America; earn confidence and become a trusted adviser
· Participate in regional or national level symposiums and, where possible, seek association leadership roles to improve company profile
Your Capabilities and Credentials
Leadership:
· Skilled leader and team player capable of building relationships both internally and externally
· Skilled communicator in both oral and written communications
· Skilled at building consensus and cooperation with staff at all skill levels
· Skilled at inspiring, motivating, and holding team accountable for delivery of innovative design solutions.
Technical Expertise:
· Experienced in the design of computer-based OT Systems specifically for water treatment plants and wastewater treatment plants or related industry
· Experienced in the maintenance of OT System security for large local government and municipal agencies or related industry
· Solid understanding of networking and system administration
· Understanding of cryptography, reverse engineering, web applications, databases, and wireless technologies
· Understanding of scripting and programming associated with the following software and standards is preferred:
o Programming languages (such as SQL, C ++, JavaScript, Ruby, and Python)
o Security assessment tools (such as Aircrack-ng, Burp Suite, SQLmap, Nessus)
o Security frameworks (such as NIST, SOX, HIPAA, ISO)
o Operating systems (such as Linux, Unix, Windows)
· Strong oral and written communication skills
· Excellent problem-solving skills to determine the most effective way to correct issues that arise
· Ability to review data and analyze the processes needed to correct security issues
· Working knowledge of regulatory guidelines and standards, compliance standards and policies, audit techniques, regulatory issues, operations, and procedures as they relate to the organization is preferred
· Experience working in a large organization.
Education and Experience
· Bachelor's degree in computer science or equivalent from an accredited institution required
· Master of Science in Computer Science, Information Technology, Cybersecurity or equivalent from an accredited institution preferred
· Certified Information Systems Security Professional (CISSP) required (or evidence to support ability to gain certification within the first 6 months of employment)
· Certified Information System Auditor (CISA) or Certified Information Security Manager (CISM) required if CISSP credentials currently pending
· Cisco CCNA preferred
· Certified Ethical Hacker (CEH) or equivalent experience would be an asset
· Minimum of 15 years of experience in the IT / Cybersecurity industry required; minimum 5 years in water OT related infrastructure design projects desirable
· Must have good driving record and valid driver's license.