Job Description
Nessus SME Remote • Posted 7 days ago • Updated 7 days ago Full Time Occasional Travel Required Remote Depends on Experience Fitment Dice Job Match Score™ 🔗 Matching skills to job... Job Details Skills Nessus Scripting
NIST NERC
Tenable ACAS Summary Title:
Nessus Subject Matter Expert (SME) Location:
Austin, TX/Remote Job Summary:
We are looking for a Nessus Subject Matter Expert (SME) with specialized experience in Operational Technology (OT) security to lead vulnerability scanning, assessment, and mitigation efforts across both IT and OT environments. The ideal candidate will have hands-on expertise with Tenable Nessus and a strong background in securing SCADA networks, and other OT assets. Key Responsibilities:
SME for Nessus and Nessus Professional/Tenable.sc scanning solutions in both IT and OT environments. Conduct vulnerability assessments on OT systems, including PLCs, RTUs, HMIs, and SCADA infrastructure, ensuring minimal operational impact. Configure and fine-tune scan policies for OT networks, balancing visibility with system safety and availability. Analyze scan results to identify vulnerabilities, misconfigurations, and compliance issues, including adherence to standards like NERC CIP-004
related to personnel training and access controls. Collaborate with OT engineers, IT security, and compliance teams to align scanning activities with operational safety and security objectives. Maintain a comprehensive inventory of OT assets and integrate vulnerability data with asset management systems when possible. Support segmentation, network mapping, and risk assessments for OT environments using Nessus and complementary tools. Develop and maintain detailed documentation on scan procedures, results, and mitigation strategies. Develop reporting and metrics that highlight OT-specific vulnerabilities, risk levels, and remediation progress. Stay informed of emerging threats, zero-days, and advisories relevant to OT (e.g., CISA ICS alerts, ISA/IEC 62443 standards). Qualifications:
3+ years of experience configuring/implementing Tenable Nessus for enterprises for IT/OT vulnerability assessments. 5+ years of experience with vulnerability management lifecycle and remediation tracking. Nice to have experience in OT/ICS cybersecurity, particularly in sectors such as energy or critical infrastructure. Experience integrating NessTenable with asset discovery and monitoring tools (e.g., Nozomi, Claroty, Dragos, SCADAfence). Experience with Tenable.sc or Tenable.io in hybrid OT/IT environments. Ability to script in Python, PowerShell, or Bash for automation and data processing. Knowledge of ICS protocols (e.g., Modbus, DNP3, BACnet, OPC, Profinet). Familiarity with network segmentation, zone-based architecture, and secure remote access principles in OT. Strong understanding of CVEs, CVSS scoring, and vulnerability lifecycle management. Working knowledge of industry standards and guidelines: ISA/IEC 62443, NIST 800-82, NERC
CIP-004, or equivalent. Strong interpersonal and communication skills to interface effectively with IT, OT, and executive stakeholders. Ability to work in sensitive, safety-critical environments where system availability is paramount. Strong analytical thinking with a detail-oriented and risk-focused mindset. Employers have access to artificial intelligence language tools ("AI") that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity. Dice Id:
10121335 Position Id:
8976801 Posted 7 days ago
