Bureau Veritas

Principal Consultant - Cyber/Physical Security

Bureau Veritas · United States

  • Hybrid
  • Full-time
  • $150,000 / year
  • United States

Job highlights

  • Lead cyber-physical security consulting for industrial sectors.
  • Develop technical methodologies and client solutions.
  • Drive business development and client relationships.
  • Oversee technical delivery and quality assurance.
  • Mentor junior consultants and build lab environments.

About the role

Role Overview

The Principal Consultant, Cyber-Physical Security serves as the technical practice lead and senior seller-doer responsible for delivering high-quality consulting services while helping expand the organization’s cyber-physical security practice across industrial sectors including Oil & Gas, Electric Utilities, and Manufacturing. This role combines deep industrial control systems expertise, consulting management, and practice capability development. The individual will support client acquisition, lead complex technical engagements, build internal laboratory environments, establish technical delivery standards, work with marketing and sales to maintain service collateral, and mentor junior consultants. The role acts as the technical authority and delivery arm of the engagements, ensuring technical rigor, structured methodologies, and high-quality deliverables while working closely with practice leadership to grow services and client relationships.

Key Responsibilities

Technical Practice Leadership

  • Serve as the technical authority for cyber-physical security services within the practice.
  • Define and maintain technical methodologies, architecture frameworks, and delivery standards for client engagements.
  • Establish technical quality assurance processes for client deliverables.
  • Translate cybersecurity risk findings into engineering-level design improvements and operational outcomes.
  • Maintain structured documentation to be used across engagements.

Client Engagement & Business Development

  • Act as a trusted technical advisor to industrial clients across sectors such as Oil & Gas, utilities, and manufacturing.
  • Support business development activities, including discovery workshops, solutioning discussions, business development, and technical presentations.
  • Contribute to the development of repeatable cyber-physical service offerings.
  • Support growth of strategic accounts through technical credibility and delivery excellence.

Technical Delivery Leadership

  • Lead complex cyber-physical security consulting engagements, including but not limited to: Regulatory Assessments, Cyber Risk and Capability Assessments, Product Security Assessments, Architecture and Control Design, Security Validation and Assurance, Security Operations Design and Operationalization.
  • Ensure engagements maintain engineering rigor, operational awareness, and safety considerations.

Industrial Control Systems Expertise

  • Apply deep understanding of industrial automation and control system environments and architectures, including: PLC-based control, Distributed Control Systems (DCS), SCADA systems, Safety Instrumented Systems (SIS), Industrial networks and field devices.
  • Understand and assess security implications of networking services and protocols.
  • Evaluate cybersecurity risks within real operational environments and safety-critical systems.

Lab Development & Technical Innovation

  • Design and lead development of internal laboratory environments to support: Research and development, Tool validation and testing, Cyber-physical attack simulation, Client demonstrations, Internal training.
  • Identify and manage emerging technologies relevant to industrial cybersecurity.

Capability Development & Team Mentorship

  • Mentor and train junior consultants and engineers.
  • Develop structured technical training materials and knowledge repositories.
  • Promote strong engineering discipline, safety awareness, and structured problem solving within the team.
  • Establish consistent documentation and reporting standards across projects.

Required Experience

  • 10+ years of experience in industrial or operational technology environments such as: Oil & Gas, Electric Utilities, Manufacturing, Industrial automation or critical infrastructure.
  • Of those, a minimum of 3 years of consulting-type experience.
  • Hands-on experience with industrial control systems, building management systems or security design and implementation.
  • Experience delivering complex technical programs in industrial environments.
  • Familiarity with industrial cybersecurity frameworks and regulatory environments, including North American experience with NERC CIP and TSA security directives, and standards such as ISA/IEC 62443 and NIST SP 800-82.
  • Certifications are not required but may be beneficial: ISA/IEC 62443 certifications, GIAC ICS certifications, CISSP, Industrial automation or vendor certifications.

Key skills/competency

  • Cyber-Physical Security
  • Industrial Control Systems (ICS)
  • Consulting
  • Technical Leadership
  • Business Development
  • Risk Assessment
  • NIST SP 800-82
  • ISA/IEC 62443
  • NERC CIP
  • SCADA

Skills & topics

  • Cyber-Physical Security
  • Principal Consultant
  • Industrial Control Systems
  • ICS Security
  • SCADA Security
  • NERC CIP
  • ISA/IEC 62443
  • NIST SP 800-82
  • Oil & Gas Security
  • Utility Security
  • Manufacturing Security
  • OT Security
  • Cybersecurity Consulting
  • Technical Lead
  • Business Development

How to get hired

  • Tailor your resume: Highlight 10+ years of industrial/OT experience and 3+ years in consulting, emphasizing ICS, NERC CIP, and ISA/IEC 62443 expertise.
  • Showcase technical leadership: Demonstrate experience in defining methodologies, leading complex engagements, and developing technical content.
  • Quantify achievements: Use data to show impact in client acquisition, delivery excellence, and practice growth.
  • Prepare for technical interviews: Be ready to discuss ICS architectures, cybersecurity frameworks, and risk assessment methodologies.
  • Research Bureau Veritas: Understand their role in industrial assurance and how your expertise aligns with their mission.

Technical preparation

  • Master ICS architectures and protocols (PLC, DCS, SCADA).
  • Study ISA/IEC 62443 and NIST SP 800-82 standards.
  • Understand NERC CIP and TSA security directives.
  • Prepare to discuss cyber-physical attack simulations.

Behavioral questions

  • Describe a complex technical engagement you led.
  • How do you build trust with industrial clients?
  • How would you mentor junior consultants?
  • How do you translate technical risks into business outcomes?

Frequently asked questions

What specific industrial sectors does Bureau Veritas focus on for this Principal Consultant role?

The Principal Consultant, Cyber-Physical Security role at Bureau Veritas specifically targets industrial sectors such as Oil & Gas, Electric Utilities, and Manufacturing. Your expertise in these areas will be crucial for developing and delivering cyber-physical security solutions.

What are the key technical skills required for the Principal Consultant, Cyber-Physical Security position?

The role requires deep expertise in industrial control systems (ICS) like PLCs, DCS, and SCADA, along with familiarity with industrial networks and protocols. You'll also need knowledge of cybersecurity frameworks such as ISA/IEC 62443 and NIST SP 800-82, and experience with North American regulations like NERC CIP.

Does Bureau Veritas require specific certifications for the Principal Consultant, Cyber-Physical Security role?

While specific certifications are not strictly required, Bureau Veritas views them as beneficial. Relevant certifications include ISA/IEC 62443, GIAC ICS certifications, and CISSP. Industrial automation or vendor-specific certifications are also advantageous.

How does Bureau Veritas approach client engagement and business development for cyber-physical security services?

Bureau Veritas utilizes a consultative approach. As a Principal Consultant, you'll act as a trusted technical advisor, supporting business development through discovery workshops, solutioning, technical presentations, and contributing to repeatable service offerings to grow strategic accounts.

What is the expected level of experience for a Principal Consultant at Bureau Veritas?

Bureau Veritas seeks candidates with a minimum of 10 years of experience in industrial or operational technology environments (e.g., Oil & Gas, Utilities, Manufacturing) and at least 3 years of consulting experience. Experience delivering complex technical programs in industrial settings is also essential.

Will I be involved in developing internal technical resources and training at Bureau Veritas?

Yes, a significant part of the role involves capability development and team mentorship. You will design and lead the development of internal laboratory environments for R&D, tool validation, and training, as well as create structured technical training materials and knowledge repositories.