Job Description
FM is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.
We are seeking a highly motivated and detail-oriented co-op student to join our cybersecurity team. The successful candidate will contribute to the continuous development of cyber mitigation strategies for Operational Technology (OT) environments, leveraging the MITRE ATT&CK for ICS matrix. This position offers hands-on experience in designing attack experiments, evaluating mitigation techniques, and supporting the development of testbeds for validating security measures. The co-op student will also be involved in producing technical documentation and utilizing threat intelligence to enhance our cybersecurity posture.
- Testbed Support
- Assist in the development and maintenance of testbeds for validating cyber mitigation strategies.
- Interest in configuring and troubleshoot hardware and software components within the testbed environment, including industrial devices (PLC, HMI, DCS, RTU, etc.) and industrial software (e.g. OPC UA/DA, PI, historians, user repositories, firewall management including inspection, etc.).
- MITRE ATT&CK for ICS Expertise
- Leverage MITRE ATT&CK for ICS matrix to understand adversarial tactics, techniques, and procedures in industrial control systems.
- Research and propose mitigation strategies to address specific threats identified within the MITRE ATT&CK for ICS framework.
- Run Experiments
- Design and document attack experiments to simulate real-world cyber threats against OT environments.
- Focus on attack strategies that are shifting from immediate exploitation to establishing persistent footholds within OT environments.
- Incorporate techniques such as exploiting supply chains and 'living off the land'.
- Analysis of Run Experiments
- Evaluate the effectiveness of proposed IT and OT mitigation strategies in preventing or mitigating the impact of simulated attacks.
- Analyze the results of experiments and provide recommendations for improving mitigation techniques.
- Technical Documentation
- Produce clear and concise slipsheets, technical reports, and presentations summarizing research findings and experimental results.
- Document IT and OT attack methodologies, mitigation strategies, and testbed configurations.
- Threat Intelligence and Research
- Leverage threat intelligence feeds and research capabilities to stay informed about emerging cyber threats and vulnerabilities.
- Analyze threat intelligence data to identify relevant threats to our OT environment and propose proactive security measures.
- Use platforms and frameworks to improve and automate threat research.
- Currently enrolled in a Master's degree program in Cybersecurity, Computer Science, Engineering, or a related field.
- Familiarity with industrial control systems (ICS) and operational technology (OT) concepts.
- Understanding of cyber-attack methodologies and mitigation techniques.
- Knowledge of the MITRE ATT&CK framework, particularly the ICS matrix.
- Interest in designing and conducting experiments or simulations.
- Analytical and problem-solving skills.
- Fluency in English, written and verbal communication skills.
- Ability to work independently and as part of a team.
Preferred Skills - Experience with penetration testing or ethical hacking.
- Knowledge of network security principles and technologies.
- Familiarity with scripting languages such as Python or PowerShell.
- Experience with virtualization technologies such as VMware or VirtualBox.
- Understanding of threat intelligence concepts and tools.
This co-op position offers a valuable opportunity to gain practical experience in the field of OT cybersecurity and contribute to the development of innovative mitigation strategies.
This is an in-office role based in Norwood, MA. Temporary relocation support provided for selected qualified candidate.
FM is an Equal Opportunity Employer and is committed to attracting, developing, and retaining a diverse workforce.
#LI-TA1 FM
Job Tags
Temporary work, Immediate start, Relocation package, Shift work,