Job Description

Job Summary:

We are seeking a highly skilled Cyber Security Engineer and Operations Specialist to lead and support cybersecurity efforts in our Operational Technology (OT) environments. This role focuses on securing critical infrastructure systems by performing risk assessments, managing compliance, engineering defenses, and collaborating with cross-functional teams to uphold the highest OT security standards.

Job Responsibilities:

Include but are not limited to:

• Maintain, engineer, and support OT-specific cybersecurity toolsets including visibility and baselining platforms.
• Perform, interpret, and articulate results from OT security assessments (e.g., NIST, IEC 62443, NERC CIP) and provide actionable insights for continuous improvement.
• Identify and assess OT security risks and recommend mitigation strategies.
• Develop and maintain technical and process driven standard operating procedures (SOPs).
• Ensure adherence to, and continuous improvement of NERC CIP regulatory requirements.
• Collaborate with IAM, Security Operations and Architecture/Engineering teams to assess architectural designs and provide improvement recommendations.
• Support OT Governance, Risk, and Compliance (GRC) initiatives, including Vulnerability & Risk Compliance, Cyber Governance, Awareness & Strategy, Third-Party Risk, and Security Architecture.
• Provide technical expertise for OT threat risk assessments, and support the development, testing, and implementation of security plans and controls to mitigate cyberattacks or serious security events.

NERC CIP Responsibilities:

• Owns functional tasks on day-to-day compliance with the all the NERC Standard's Requirements assigned.
• Serves as contact for all assigned compliance activities. Coordinates the reviews and approvals as specified in Standard Requirements.
• Ensures required policies/procedures are followed and that any local department-level procedures encompassing the NERC Compliance Standards Requirements are up to date.
• Provides materials for required reviews and approvals of all assigned compliance activities for submission.
• Works with SME Mgrs and Lead SME Contributor on functional day-to-day compliance activities to ensure all are effectively coordinated, sustained in the LOB. Provides updated and approved input to the Lead SME for the Reliability Standard Audit Worksheets, CIP Evidence Request Tool, O&P Evidence Tracking Sheet and for all assigned NERC Standard. Includes FERC, NERC, NPCC, LIPA, NY State, DHS.

Job Specific Qualifications:

Required:

• Bachelors degree in Computer Science Information Systems Cyber Security Mathematics or Engineering with a minimum of 6 years of experience in Information Security.
• In lieu of a degree a minimum of 10 years of experience in Information Security.
• Strong verbal and written communication skills.
• Ability to work independently with minimal supervision.
• Technical Skills.
• Demonstrated cybersecurity experience in OT environments including work with Windows Linux and OT specific devices such as HMIs PLCs and RTUs.
• Intermediate knowledge of networking principals including network segmentation ZTNA strategies and core switch router firewall fundamentals.
• Understanding of OT network frameworks such as the Purdue Model and IEC 62443.
• Experience with OT vulnerability management platforms and risk assessment methodologies.
• Familiarity with modern endpoint protection platforms eg CrowdStrike SentinelOne.
• Minimum of 1 year of experience with OT visibility and vulnerability platforms eg Dragos Claroty Nozomi.
• Strong experience in incident response and threat analysis including the development of response procedures.
• Knowledge of Identity and Access Management IAM fundamentals including Active Directory ADCS and Privileged Access Management.

Desired:

• Experience with OTspecific protocols eg MODBUS DNP3 JMUX.
• Familiarity with securing legacy and airgapped systems.
• Experience with site assessments asset inventory validation and baseline development for OT environments.
• Experience with OT baselining tools eg Tripwire Industrial Defender.
• Proficiency in SIEM technologies alert analysis and event correlation.
• Experience in a NERC CIPregulated OT environment.
• SC2 Certified Information Systems Security Professional CISSP certification.

Job Tags

Similar Jobs