Principal Consultant - Cyber/Physical Security

Role Overview

The Principal Consultant, Cyber-Physical Security serves as the technical practice leadand senior seller-doer responsible for delivering high-quality consulting services whilehelping expand the organization’s cyber-physical security practice across industrialsectors including Oil & Gas, Electric Utilities, and Manufacturing.

This role combines deep industrial control systems expertise, consulting management,and practice capability development. The individual will support client acquisition, leadcomplex technical engagements, build internal laboratory environments, establishtechnical delivery standards, work with marketing and sales to maintain servicecollateral and mentor junior consultants.

The role acts as the technical authority and delivery arm of the engagements, ensuringtechnical rigor, structured methodologies, and high-quality deliverables while workingclosely with practice leadership to grow services and client relationships.

Key Responsibilities

Technical Practice Leadership

• Serve as the technical authority for cyber-physical security services withinthe practice.

• Define and maintain technical methodologies, architecture frameworks,and delivery standards for client engagements.

• Establish technical quality assurance processes for client deliverables.

• Translate cybersecurity risk findings into engineering-level designimprovements and operational outcomes.

• Maintain structured documentation to be used across engagements.Client Engagement & Business Development

Client Engagement & Business Development

• Act as a trusted technical advisor to industrial clients across sectors oneor more sectors such as Oil & Gas, utilities, and manufacturing.

• Support business development activities including:

o Discovery workshops

o Solutioning discussions

o Business Development

o Technical Presentations

• Contribute to the development of repeatable Cyber Physical service offerings.

• Support growth of strategic accounts through technical credibility anddelivery excellence.

Technical Delivery Leadership

• Lead complex Cyber Physical security consulting engagements, includingbut not limited to:

o Regulatory Assessments

o Cyber Risk and Capability Assessments

o Product Security Assessments

o Architecture and Control Design

o Security Validation and Assurance

o Security Operations Design and Operationalization

• Ensure engagements maintain engineering rigor, operational awareness,and safety considerations.Industrial Control Systems Expertise

Industrial Control Systems Expertise

• Apply deep understanding of industrial automation and control systemenvironments and architectures, including:

o PLC-based control

o Distributed Control Systems (DCS)

o SCADA systems

o Safety Instrumented Systems (SIS)

o Industrial networks and field devices

• Understand and assess security implications of networking services andprotocols

• Evaluate cybersecurity risks within real operational environments andsafety-critical systems.Lab Development & Technical Innovation

Lab Development & Technical Innovation

• Design and lead development of internal laboratory environments to support:

o Research and development

o Tool validation and testing

o Cyber-physical attack simulation

o Client demonstrationso Internal training

• Identify and manage emerging technologies relevant to industrial cybersecurity.

Capability Development & Team Mentorship

• Mentor and train junior consultants and engineers.

• Develop structured technical training materials and knowledgerepositories.

• Promote strong engineering discipline, safety awareness, and structuredproblem solving within the team.

• Establish consistent documentation and reporting standards acrossprojects.

Required Experience

• 10+ years of experience in industrial or operational technologyenvironments such as:

o Oil & Gaso Electric Utilities

o Manufacturingo Industrial automation or critical infrastructure

• Of which, Minimum 3 years of consulting-type experience

• Hands-on experience with industrial control systems, buildingmanagement systems or security design and implementation

• Experience delivering complex technical programs in industrialenvironments.

• Familiarity with industrial cybersecurity frameworks and regulatoryenvironments including:

o North American experience in NERC CIP, TSA security directives

o Standards such as ISA/IEC 62443, NIST SP 800-82

• Certifications are not required but may be beneficial:

o ISA/IEC 62443 certifications

o GIAC ICS certifications

o CISSP

o Industrial automation or vendor certifications