Overview A leader in cutting-edge research and technology in the cyber arena, CPMG focuses on using business drivers to guide cybersecurity activities and manage risk. CPMG offers flexible, integrative solutions for Department of Defense (DoD) contractors, among others, and specializes in cybersecurity, information and operational technology, electronic security surveillance, and support services. Summary: The Cybersecurity Engineer/Firewall SME will provide support at Marine Corps Base Camp Lejeune, NC. This position will to support the ongoing operation, maintenance, and administration of Industrial Control Systems (ICS) and Operational Technology (OT) solutions at the FRCS Cyber Operations Group. This position focuses on ensuring network security, configuring firewalls, and maintaining compliance with Risk Management Framework (RMF) requirements within a mission-critical environment. Responsibilities Essential Job Functions: Manage and maintain ICS/OT systems, including BAS, W&WW, HVSCADA, Metering, Lighting, and other systems as specified by CLNC PWD and FRCS Cyber Operations Group Conduct inspections of new and existing sites (e.g., buildings and other physical locations) to evaluate the deployment of ICS/OT Supervisory Controllers Provide survey results to CLNC PWD to facilitate the integration of new systems into existing infrastructure Assess Supervisory Controllers to ensure proper installation and configuration in accordance with DoD, DoN, and USMC cybersecurity standards Establish and maintain a representative Testbed model of correct Supervisory Controller installations Configure firewalls in compliance with RMF "Type" ATO/ATC standards Design, deploy, and maintain firewall rules and configurations to secure ICS/OT traffic Assist in the architecture and administration of Nutanix Hyperconverged Virtual environments Support the administration of ICS/OT-related servers and applications in Testbed, Preproduction, and Production environments Perform other duties as assigned Qualifications Necessary Skills and Knowledge: Knowledgeable in securing multiple operating systems and other networked devices using appropriate DISA STIG’s and SRG’s Minimum Qualifications: Experience with creating and maintaining PKI (Public Key Infrastructure) to be used for secure IPsec VPN connections Experience with Palo Alto firewalls in an ICS/OT environment Expert in Raspberry PI security and configuration or equivalent device Knowledgeable of FIPS 140-2 IPSec configurations including encryption types, key generation/storage, and configuring tunnels in a Hub-and-Spoke architecture Experience with building, securing, and accrediting Linux servers and devices Expert in writing policies and procedures for the secure configuration, installation, and management of firewalls and Encrypt/Decrypt devices on the MCEN in support of the ICS/OT “Type” ATO/ATC Professional Certifications (Required) CompTIA Security+ or CompTIA CASP or Certified Information System Security Professional (CISSP) ICS-VLP Certificate 100W Preferred Qualifications: Professional Certifications (Desired): ITILv4 Foundations ICS-VLP Certificate 210W-01 – 10 RMF Training (USMC specific) Pay and Benefits At Goldbelt, we value and reward our team's dedication and hard work. We provide a competitive base salary commensurate with your qualifications and experience. As an employee, you'll enjoy a comprehensive benefits package, including medical, dental, and vision insurance, a 401(k) plan with company matching, tax-deferred savings options, supplementary benefits, paid time off, and professional development opportunities.