Cyber Security OT Assurance Analyst

Job Purpose

Preform and conduct OT assurance activities towards protecting the organization information assets and critical infrastructure. conduct technical OT cyber security assessments in addition to providing technical assurance capabilities that verify effectiveness of security controls and projects.

Principal Accountabilities

Operational

• Conduct OT cyber security analysis of the technology environment to identify gaps and recommend solutions for improvement.
• Conduct OT architecture assessments from technical security point of view
• conduct evaluation and assessment of available OT tools and countermeasures to remedy the detected vulnerabilities and recommend best solutions and practices.
• Conduct reviews and Validations of OT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
• Preform cyber security review for systems development or acquisition projects related to OT environments
• Validate and verify OT systems security requirements definitions and analysis and established system security designs
• conduct periodic cyber security assessments of existing OT controls and the technology landscape within the Organization (vulnerability scanning, penetration testing and Red Teaming exercises).
• conduct configuration review of OT cyber security equipment.
• Assess and validate security configurations and access to security infrastructure tools, including firewalls, IPSs, Passive monitoring solutions and anti-malware/endpoint protection systems
• conduct secure security code review and dynamic security testing for applications related to OT environment.
• Conduct OT cyber threat modelling of services and applications that tie to the risk and data classification associated with the service or application
• Build strong relationships and working collaboratively with internal/external stakeholders and customers to achieve objectives.

Education

• Degree: Bachelor’s degree in Computer Science, Engineering or Business field or equivalent, Diploma with additional relevant experience.
• MBA or Master’s degree in computer science, engineering, information security is preferable.
• Professional certificate such as CISSP, CISM, OSCP, CEH, CISA, GSEC, GPEN, GXPN, GWAPT will b e highly preferred.

Experience

• 6+ years of Information Technology experience, including 3 years of relevant experience in a similar role.
• Candidates must have core expertise in penetration testing and ethical hacking
• Working experience in multiple industries within an OT environment (e.g. Oil & Gas, Energy, Utilities, Retail, Government…) is preferable.
• Working experience in cyber security assurance, assessments & architecture review.