Job Description:
Role: Wonderware Programmer
Location: Bakersfield, CA
Duration: Full Time/Contract


Mandatory Skills: Tofino Industrial Security
PanelView
Rockwell Automation
ArchestrA Wonderware


Data Isolation
Investigate Tofino security appliance for data isolation between automation systems
Develop base configuration for Tofino security appliance. Base configuration should include provisions for remote management of the security appliance as well as transmission of SNMP or Syslog data to IT management systems
Evaluate Tofino in combination with Ethernet/IP and Modbus Enforcer LSM for common data transmission between automation systems (Modbus: read & write registers, Ethernet/IP: read & write tags via messaging, remote rack IO configuration)
Evaluate above for local and routed communication
Report out on findings
Develop Operations and Maintenance basis instructions, Roles & Responsibilities matrix
Investigate Owl Data Diode for data isolation between automation systems
Evaluate Owl Data Diode in combination with Ethernet/IP and Modbus for common data transmission between automation systems (Modbus: read & write registers, Ethernet/IP: read & write tags via messaging, remote rack IO configuration)
Evaluate above for local and routed communication
Report out on findings
Develop Operations and Maintenance basis instructions, Roles & Responsibilities matrix
2-Factor Authentication
Develop implementation and pilot for Smartbadge authentication to authorize higher-risk activities in ArchestrA and InTouch HMI applications
Develop security object model and authentication mechanism for both ArchestrA and InTouch applications that will allow for an operator action (write, script execution, animation, etc) to require confirmation by a member of a designated customer group via Smartbadge and PIN entry
Hold workshop with Operations to identify higher-risk activities to secure for pilot
Prove plan in DSL
Implement in production pilot
Provide documentation on implementation and Operations and Maintenance tasks
Develop implementation and pilot for Smartbadge authentication to authorize login to PanelView Plus Clients
Develop authentication mechanism for PanelView Plus 6 & 7 to allow for an operator login to require authentication as a member of a designated customer group via Smartbadge and PIN entry
Hold workshop with Operations to identify higher-risk Clients to secure for pilot
Prove plan in DSL
Implement in production pilot
Provide documentation on implementation and Operations and Maintenance tasks
Application Whitelisting
Develop application whitelist for ArchestrA and InTouch IO server and HMI client
Utilize Microsoft AppLocker for whitelisting enforcement
Create test image of each machine to "audit" applications that run continuously and periodically
Categorize applications recorded during audit as: Base (should be allowed on all machines, such as anti-virus or Splunk forwarder), HMI (such as View), IO Server (such as DASABCIP), or Deny (applications that should not be run on these machines)
Create Group Policy Object for each class of machine based on above information
Develop pilot strategy for each: implement mirror systems that can be deployed to operations but that have a fallback machine available should the AppLocker configuration block a needed program


