Principal Consultant - Cyber/Physical Security

Bureau Veritas•Remo, VA

1d•Remote

About The Position

Bureau Veritas offers dynamic, exciting employment opportunities with an attractive salary/benefit package and an opportunity to play a vital role with a global organization. If you would enjoy working in a dynamic environment and are looking for an opportunity to become part of a stellar team of professionals, we invite you to apply online today. Bureau Veritas is an Equal Opportunity Employer, and as such we recruit, hire, train, and promote persons in all job classifications without regard to race, color, religion, sex, national origin, disability, age, marital status, citizen status, sexual orientation, gender identity, genetics, status as a protected veteran, or any other non-job-related characteristics. This position is responsible to ensure equal opportunity in employment in that all persons are treated equally and on the basis of merit, in decisions regarding selection, placement, promotions, training, work assignments, transfers and other personnel actions. Role Overview The Principal Consultant, Cyber-Physical Security serves as the technical practice lead and senior seller-doer responsible for delivering high-quality consulting services while helping expand the organization’s cyber-physical security practice across industrial sectors including Oil & Gas, Electric Utilities, and Manufacturing. This role combines deep industrial control systems expertise, consulting management, and practice capability development. The individual will support client acquisition, lead complex technical engagements, build internal laboratory environments, establish technical delivery standards, work with marketing and sales to maintain service collateral and mentor junior consultants. The role acts as the technical authority and delivery arm of the engagements, ensuring technical rigor, structured methodologies, and high-quality deliverables while working closely with practice leadership to grow services and client relationships.

Requirements

10+ years of experience in industrial or operational technology environments such as: Oil & Gas, Electric Utilities, Manufacturing, Industrial automation or critical infrastructure
Of which, Minimum 3 years of consulting-type experience
Hands-on experience with industrial control systems, building management systems or security design and implementation
Experience delivering complex technical programs in industrial environments.
Familiarity with industrial cybersecurity frameworks and regulatory environments including: North American experience in NERC CIP, TSA security directives, Standards such as ISA/IEC 62443, NIST SP 800-82

Nice To Haves

ISA/IEC 62443 certifications
GIAC ICS certifications
CISSP
Industrial automation or vendor certifications

Responsibilities

Serve as the technical authority for cyber-physical security services within the practice.
Define and maintain technical methodologies, architecture frameworks, and delivery standards for client engagements.
Establish technical quality assurance processes for client deliverables.
Translate cybersecurity risk findings into engineering-level design improvements and operational outcomes.
Maintain structured documentation to be used across engagements.
Act as a trusted technical advisor to industrial clients across sectors one or more sectors such as Oil & Gas, utilities, and manufacturing.
Support business development activities including: Discovery workshops, Solutioning discussions.
Contribute to the development of repeatable Cyber Physical service offerings.
Support growth of strategic accounts through technical credibility and delivery excellence.
Lead complex Cyber Physical security consulting engagements, including but not limited to: Regulatory Assessments, Cyber Risk and Capability Assessments, Product Security Assessments, Architecture and Control Design, Security Validation and Assurance, Security Operations Design and Operationalization.
Ensure engagements maintain engineering rigor, operational awareness, and safety considerations.
Apply deep understanding of industrial automation and control system environments and architectures, including: PLC-based control, Distributed Control Systems (DCS), SCADA systems, Safety Instrumented Systems (SIS), Industrial networks and field devices.
Understand and assess security implications of networking services and protocols.
Evaluate cybersecurity risks within real operational environments and safety-critical systems.
Design and lead development of internal laboratory environments to support: Research and development, Tool validation and testing, Cyber-physical attack simulation, Client demonstrations, Internal training.
Identify and manage emerging technologies relevant to industrial cybersecurity.
Mentor and train junior consultants and engineers.
Develop structured technical training materials and knowledge repositories.
Promote strong engineering discipline, safety awareness, and structured problem solving within the team.
Establish consistent documentation and reporting standards across projects.