About the job
Your Tasks
- Commission the preparation and implementation of necessary operational security software updates, firewall installations, hardware additions, and any authorized technical changes related to the security functions, to ensure compliance both with internal security policies and the like and with the security levels required by applicable laws and regulations.
- Design and manage processes for detection, investigation, correction, and/or prosecution of operational security breaches, violations, and incidents.
- Benchmark, analyze, report on, and make recommendations for the improvement of Operational Technology (OT) security infrastructure.
- Work with management to ensure that OT security issues are addressed as new equipment, facilities, services, and systems are installed.
- Typically, a background in technical Operational Technology (OT) roles such as architecture, security program development or operations, with a clear and abiding interest in operational security.
- Liaise with and offer technical direction to related operational security governance functions (such as Physical Security/Facilities, Risk Management, Legal and Compliance), plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities, emerging security risks and control technologies.
- Plan, implement and upgrade security measures and controls.
- Protect digital files and operational security systems against unauthorized access, modification, or destruction.
- Maintain data and monitor/review security access authorizations.
- Manage network, intrusion detection and prevention systems.
- Work on security tools such as security asset inventory management and risk management reporting to the security information and event management (SIEM) system.
- Define, implement, and maintain corporate security manuals, policies, procedures & instructions.
- Coordinate further security plans and awareness received from vendors, and take the required actions.
- Security assessments of network infrastructure, hosts and applications.
- Work on ICS security-related audit findings and maintain corrective actions.
- Download, validate and apply the latest antivirus DAT file to the AV server, and ensure it is published to all ICS machines by continuously monitoring the AV server dashboard.
- Asset identification, monitoring and analysis using supporting tools (IPS, firewall logs, system events and antivirus reports).
- Analysis of ICS firewall event logs and of DNS, router, and switch event logs.
- Validation and deployment of firmware and software updates; deactivation of unnecessary software or access.
- Define and implement a backup schedule for all ICS assets: system configuration backups, machine image backups, router and switch backups, FW backups.
- Manage user accounts for ICS, network, and security equipment.
- Support the project execution team in integrating new Operational Technology (OT) systems into the plant security framework.
- Work on audit findings and observations.
- Work on ICS modifications as requested.
- Collect and archive system logs, events, change logs, failure events, etc. to support audit and forensic analysis.
- Ensure that all implementation activities comply with published ICS policies, instructions, procedures,
Your Profile
- Bachelor’s degree in Information Security Technology, Computer Science or Electronic/Electrical Engineering.
- Must be ICS certified by SANS; however, the following certificates will be a great additional advantage for the candidate:
- GIAC GICSP (Global Industrial Cybersecurity Professional).
- ISA CAP (Certified Automation Professional).
- Cybersecurity for Automation, Control, and SCADA Systems (ISA-99/IEC-62443) – ISA
- Advanced SCADA Security – Red Tiger/ any other vendor.
- Industrial Cybersecurity for OPC – Matrikon/any other vendor.
- OPC-UA Hands-on Training Level-3 – OPCTI.
- ITIL.
- At least 3-5 years of field experience in the OT cybersecurity domain in the oil & gas and petrochemical industry.
- Excellent knowledge of common IT/OT ICS specialization areas related to PLCs, DCSs, PDCS, firewalls, networks, and switches.
- Exposure to implementing IT/OT security policies and regulations.
- Knowledge of international and national standards frameworks such as ISA99, IEC62443, IEC61511, IEC62351, IEC62591, ISO27001, 27002, 27005 compliance regulations.
- Strong understanding of core operations and of the information security requirements.
- Extensive knowledge of several ICS DCS/PDCS/PLC/ESD/server, router, switch and firewall technologies across several OEMs such as Siemens, HIMA, TRICONEX, HONEYWELL, GE, Allen-Bradley, CISCO, McAfee.
- High exposure to implementing and maintaining Operational Security Management Systems.
- Outstanding inter-personal skills and an ability to communicate with people at all levels to drive successful relationships.
- Ability to use all related tools and instruments.
- Ability to read and interpret documents such as safety rules, operating and maintenance instructions, procedures, technical manuals, and engineering drawings.