7135 - Senior Information Security Consultant Critical Infrastructure (Must Reside in the Sacramento area to be considered)

7135 - Senior Information Security Consultant Critical Infrastructure (Must Reside in the Sacramento area to be considered)

Position Overview

We are seeking an experienced Information Systems Security Contractor to provide advanced cybersecurity expertise and risk management support across a complex enterprise environment. The ideal candidate will bring a strong technical foundation, analytical acumen, and proven interpersonal skills to collaborate with technical teams, management, and stakeholders. This is a long-term contract opportunity with onsite requirements between multiple locations, serving as a critical resource in ensuring the security and compliance of information systems and control systems.

Key Responsibilities

• Risk & Security Assessments
• Evaluate and review new and upgraded technologies for potential security risks.
• Perform risk and vulnerability assessments for proposed applications, infrastructure, and control systems.
• Review and approve risk acceptance requests, offering mitigation strategies when needed.
• Incident Response & Coordination
• Develop and maintain Incident Response Plans (IRPs) for both business and control systems.
• Lead tabletop exercises, simulations, and playbook updates.
• Coordinate incident response efforts using the Incident Command Structure when appropriate.
• Monitoring & Threat Management
• Continuously monitor servers, endpoints, applications, and networks for vulnerabilities and security threats.
• Utilize SIEM, firewalls, endpoint security, patch management, PKI, and cloud security solutions for defense and monitoring.
• Track vulnerabilities through resolution or risk acceptance.
• Policy & Compliance Management
• Develop, deploy, and enforce security policies, standards, guidelines, and procedures.
• Support compliance with security frameworks such as NIST, CIS Benchmarks, and regulatory standards (EPA for wastewater/water).
• Configure enterprise security platforms and ensure alignment with best practices.
• Training & Awareness
• Deploy security awareness training platforms and phishing simulations.
• Ensure timely completion of training and follow up with repeat offenders.
• Deliver engaging security workshops and presentations (both technical and non-technical).
• Technical Contributions
• Automate security tasks through scripting (Python, PowerShell).
• Develop and review System Security Plans (SSPs).
• Support change management processes for secure system integration.

Required Qualifications

• Bachelor s degree in Computer Science, Information Security, or a related field (or equivalent experience).
• 8+ years of professional experience in multiple areas of information security, including:
• Network security
• SOC analysis
• Endpoint management
• Vulnerability management
• Cloud security
• Incident response
• Scripting/programming (Python, PowerShell)
• Hands-on experience with SIEM tools, firewalls, DLP, PAM, MFA, and SOC applications.
• Proficiency in Windows domain administration, networking, and cloud security across major platforms.
• Strong background in risk assessments, security frameworks, and compliance standards.

Desired Qualifications

• Experience with industrial control systems, wastewater/water systems, or electrical systems.
• Knowledge of EPA regulations as applied to wastewater and water systems.
• Relevant security certifications (e.g., CISSP, CISM, CEH, Security+).
• Familiarity with CIS Benchmarks/CIS-CAT.
• Strong presentation and communication skills, with ability to engage both technical and non-technical audiences.

Role Details

• Location: Onsite across multiple locations.
• Contract Type: Long-term contract.
• Travel: May be required between sites.
• Reporting: Works collaboratively with IT and security teams; minimal supervision expected.