OnSite Cybersecurity Custodian

About The Position

Requirements

• Bachelor’s Degree or relevant work experience.
• 4+ years experience in a business/consulting environment.
• All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Nice To Haves

• 3+ years supporting industrial/power generation control systems or OT environments.
• Cybersecurity training or certifications (e.g., Security+, GIAC, ISA/IEC 62443, CISSP).
• Practical knowledge of OT networking fundamentals such as: IP addressing, VLANs, firewall concepts, routing basics.
• Familiarity with NERC CIP concepts, OT segmentation, MFA, jump hosts, and least-privilege design.
• Ability to work on-site in Beech Island, SC for 12+ months (typical 5x8 with occasional off-hours during cutovers).
• Willingness to travel to vendor facilities for CFAT support. Occasional travel for planning/working sessions may be requested.
• Eligible to meet badging/background/site access requirements.
• Experience with Splunk/SIEM, antivirus/whitelisting, vulnerability scanning, or backup tooling.
• Experience supporting FAT/commissioning on large capital projects (power generation or similar).
• Strong documentation discipline—ability to produce clear procedures, logs, checklists, and evidence packages.
• Experience working with vendors and multi-discipline teams in construction/commissioning environments.

Responsibilities

• Manage day-to-day execution of the on-site OT cybersecurity program, including tracking requirements, planned actions, and completion status.
• Report status of activities to BV Senior Cybersecurity Consultants for review and approvals.
• Build and maintain an organized evidence repository (audit-ready), ensuring deliverables are properly dated, labeled, and attributable.
• Maintain logs, checklists, procedures, forms, test results, scan outputs, approvals, and sign-offs as required.
• Support pre-CFAT readiness and participate in vendor CFAT activities as required (travel required).
• Validate cybersecurity controls prior to shipment (where applicable), including accounts, logging, backups, malware controls, and baseline configurations.
• Track and close cyber-related FAT punch items; ensure retests and final evidence are captured and filed.
• Verify and document required access controls including MFA for remote access, least privilege, and role-based access models.
• Support account management documentation: default credential changes, service account controls, privilege verification, termination/role-change access actions, and secure credential handover processes.
• Maintain support for hardware/software inventory requirements (including OS/firmware versions, asset tags, locations, network references).
• Track configuration baselines, redlines, and as-built updates throughout construction and commissioning.
• Coordinate change documentation and evidence, including post-change backup capture and validation.
• Enforce and document removable media and transient device controls in line with Owner policies and site procedures.
• Oversee malware scanning workflows, authorization forms, encrypted media handling, quarantine steps, and scanning evidence retention.
• Coordinate vendor site visit preparations (e.g., ensuring vendor laptop/TCA scanning expectations are met).
• Coordinate and document OT log onboarding to Splunk/SIEM, including log sources, retention requirements, and forwarding architecture.
• Support readiness for NIDS/span port configuration and event forwarding requirements.
• Validate and document that logging is enabled, time-synchronized, and functioning without impacting system performance.
• Verify backup procedures are in place for OT assets and that backups are created after major changes (patching, configuration updates).
• Support restoration testing where required; ensure offline backup handling meets custody and storage requirements.
• Track encrypted portable hard drives / backup media custody and handover documentation where applicable.
• Maintain cyber escalation contacts and on-site reporting procedures.
• Support documentation of cybersecurity events, policy violations, corrective actions, and evidence of remediation steps.
• Coordinate with ICS Cybersecurity and Owner stakeholders for incident-related communications and records.
• Track and maintain evidence for required cybersecurity awareness training completion.
• Support workforce security evidence collection (e.g., authorization logs, background check logs, access revocations).
• Conduct periodic verification that access authorizations remain current and justified.
• Maintain a complete, well-organized cyber evidence repository that maps activities to requirements and stands up to Owner and compliance scrutiny.
• Enable smooth FAT/CFAT/commissioning progress by identifying cybersecurity gaps early and driving closure without schedule disruption.
• Demonstrate strong coordination across vendors, EPC, site teams, and the back-office cyber team.
• Establish consistent cyber processes on-site that improve repeatability and reduce risk.

Benefits

• Competitive compensation
• 401k match
• Benefits that start day one
• Medical insurance
• Dental insurance
• Vision insurance
• Disability insurance
• Wellness program
• Flexible work schedules
• Paid vacation
• Paid holiday time
• Sick time
• Dependent sick time
• Company-matched 401k plan
• Adoption reimbursement
• Tuition reimbursement
• Vendor discounts
• Employment referral program
• AD&D insurance
• Pre-taxed accounts
• Voluntary legal plan
• B&V Credit Union
• Performance-based bonus program