Job Description & Skill Requirement:
• Assist in developing a cybersecurity framework aligning to cyber security standards like IEC 62443, NIST 800-82, ISO 27001, etc.
• Serve as a subject matter expert on OT security, providing technical guidance and support. Assist in the design and implementation of secure OT architectures, systems, and networks.
• Perform gap assessment against standard security controls and provide recommendations to address the gap, define the target state and a roadmap to achieve the target state.
• Evaluate the risk posture of OT systems and infrastructure, including identifying potential threats, vulnerabilities, and impacts. Develop risk mitigation strategies and work with customers to prioritize and address identified risks.
• Work closely with client stakeholders, including IT teams, operations teams, and executives, to align OT security initiatives with business goals. Collaborate on projects, change management processes, and risk management activities.
• Create design documents like HLD, LLD, etc. for various security solutions like OT Network Monitoring, Secure Remote Access, Patch Management, OT firewall, Endpoint Security, etc.
• Assist in defining a TO-BE network architecture for various process environments to enable them with central security services or managed Security Operations Centre.
• Continuously monitor and research the latest OT security threats, vulnerabilities, and technologies. Stay abreast of industry developments and emerging solutions to provide clients with the most current and effective security strategies.
Experience, Skills and Qualifications
• A bachelor's or master's degree in a relevant field. Advanced certifications in cybersecurity and OT security, such as Certified Information Systems Security Professional (CISSP), ISO / IEC 62443 Cybersecurity Expert, or GIAC Global Industrial Cybersecurity Professional (GICSP), are highly valued.
• Significant 7-11 years of experience working specifically in the field of OT security, preferably in a consulting or advisory capacity. Hands-on experience with conducting OT security assessments, developing security strategies, implementing security controls, and assisting with incident response is highly desirable.
• A strong understanding of operational technology (OT) systems, including industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and associated protocols (e.g., Modbus, DNP3). Familiarity with OT-specific security challenges, standards, and best practices, such as IEC 62443, is essential.
• Proficiency in conducting risk assessments, vulnerability assessments, and compliance audits in OT environments. Familiarity with relevant security frameworks and standards, such as NIST Cybersecurity Framework, ISO 27001, and regulatory requirements specific to OT (e.g., NERC CIP), is beneficial.
• Strong technical skills in areas such as network architecture, network protocols, firewalls, intrusion detection/prevention systems, malware analysis, and digital forensics. Experience with security assessment tools and technologies, penetration testing, and security monitoring.
• Knowledge of implementation of different OT security threat detection solution platforms.
• Excellent communication skills, both written and verbal, with the ability to convey complex security concepts to technical and non-technical audiences. Strong consulting and client-facing skills, including the ability to build relationships, provide actionable recommendations, and deliver presentations to stakeholders at various levels of the organization.
• Strong analytical thinking and problem-solving skills, with the ability to identify security risks, analyze complex systems, and develop effective solutions.
Qualification:
Bachelor's or master's degree in Information Technology or Computor Engineering