Cyber Security Engineer

職務概要

• Risk Assessment and Management – Conduct thorough risk assessments to identify vulnerabilities in industrial control systems (ICS) and other OT assets. Evaluate the potential impact of threats and develop strategies to mitigate risks, including regular security audits, vulnerability scans, and penetration testing to ascertain system resilience. Support on-site assessments of IT/OT and identify opportunities for improvement. • Assessments – Lead OT cybersecurity assessments, including design reviews, network topology reviews, and mapping data flows. • Security Policy Development – Support the Director of OT Security to create, implement, and maintain security and architecture policies and procedures, delivering a secure-by-design methodology. Collaborate with various stakeholders, including IT and operations teams, to build robust security frameworks addressing potential threats and vulnerabilities. • System Design – Support Site Managers, Digital Operations Team, Network Lead, and OT Security Director to define, review, and validate new systems and improve existing ones. • Implementation of Controls – Implement and manage security controls to protect critical systems, including deploying firewalls, intrusion detection/prevention systems (IDS/IPS), remote management software, and other security technologies to prevent unauthorized access and detect malicious activities. Configure network segmentation to limit exposure of sensitive OT assets. • Incident Response and Recovery – Coordinate response efforts during security incidents. Develop and maintain incident response plans outlining procedures for detecting, analyzing, and responding to security breaches. Lead post-incident root cause analysis. • Security Awareness and Training – Work with Governance, Risk, and Compliance teams to develop appropriate training for staff working in OT environments, ensuring they understand their security responsibilities. • Stakeholder Management – Work with multiple senior stakeholders at plants, including site management, internal IT teams, and service providers. Collaborate to implement, maintain, and monitor security protocols across sites and bridge gaps between IT and unique OT system requirements. • Vendor Management – Support the Director of OT Security in managing vendors, including relationship management, evaluation of vendor products and services, contract negotiation, and ensuring vendors meet contractual requirements. • System Integration – Integrate security solutions with existing OT systems, ensuring new technologies are compatible with legacy systems and do not disrupt operations. Maintain a deep understanding of both technical and operational aspects of OT networks and infrastructure. • Reporting and Metrics – Establish performance metrics to measure the effectiveness of security controls. Generate regular reports detailing security incidents, risk assessments, and overall system resilience. Continuously monitor control effectiveness and report back to stakeholders.