Roles and Responsibilities
The Operational Technology (OT) Security Implementation Engineer will be responsible for implementing an effective operational technology (OT) security program within AIGC. This position requires a strong understanding of both IT and OT systems, as well as expertise in cybersecurity practices specific to operational technology, to serve Oil/Gas and Energy/Utilities sector clients.
Key Requirements
- Extensive expertise in the field of cybersecurity, specifically focused on OT security or industrial control systems (ICS) security.
- Proficient in project management practices and methodologies, ensuring efficient project execution and delivery.
- Comprehensive knowledge and understanding of OT/ICS systems, encompassing SCADA, PLCs, DCS, HMIs, and various other industrial control devices.
- Preparation of a compliance list in case any deviation from the standard practices followed is required. Lead the design of the overall architecture and the implementation of secure OT network architectures. Ensure segmentation between IT and OT networks.
- Preparation of System Architecture, Logical Architecture, Bill of Material with the latest available hardware and software, Functional Design Specification, Detail Design Specification, Factory Acceptance Test Procedure, Site Acceptance Test Procedure, and Method Statement for Integration and Modification.
- Profound familiarity with essential cybersecurity standards and frameworks, including ISA/IEC 62443, NIST SP 800-82, NERC CIP, and IEC 61511.
- Proven track record of implementing OT IDS/IPS controls and rugged OT firewalls from Fortinet, Palo Alto, Dragos and Nozomi.
- Exceptional communication and interpersonal abilities, enabling seamless collaboration with diverse cross-functional teams and stakeholders.
- Sound understanding of software and hardware technologies commonly employed in ICS, such as operating systems, databases, and programming languages.
- Solid knowledge of cutting-edge security tools and techniques utilized in both OT and IT environments, including firewalls and Network Intrusion Detection Systems (IDS) like Nozomi, Dragos, Tenable, etc.
- Configuration knowledge of L2 and L3 switches; hardening of switches; troubleshooting capability across multiple security solutions; deep knowledge of ACLs.
- Implement and manage strict access controls for the DCS environment. This includes user authentication, role-based access, and secure remote access methodologies.
- Product knowledge and certification are an added advantage: Hirschmann, Cisco, and other industrial switches.
- Designing and implementing the network with the layer concepts; network switch configuration; designing the network and positioning the components based on functionality; routing and switching.
- Windows Server Update Services (WSUS).
- Configuration of WhatsUp Gold: creating an architecture diagram, configuring the NMS system from installation to commissioning, creating dashboards.
- Antivirus: McAfee AV, ePO, whitelisting.
- Desktop hardening: system antivirus protection, whitelisting, denial of installing new EXE and related files, integrity control, change control, application control, data loss prevention.
- Hands-on experience designing VM HA clusters and VM architecture; product knowledge; creating and maintaining policies; designing the backup system; expert-level product knowledge of Veritas NetBackup, Acronis, and Veeam Backup & Replication.
- Risk Assessment: Conduct and oversee regular risk assessments of the OT environment, identifying vulnerabilities and potential threats.
- Network Segmentation: Ensure that the DCS is adequately segmented from other networks, minimizing the risk of potential intrusions from external and internal sources.
- Work closely with customer OT cybersecurity teams to ensure consistent security practices across IT and OT landscapes.
- Recommend security enhancements and purchases that will support the defense of the OT environments for the benefit of the client.
- Provide training and guidance to OT engineers on security best practices.
- Patch Management.
Education and Qualifications
- At least 6-8 years of hands-on experience in Cybersecurity operations.
- Advanced knowledge of risk assessment frameworks implementation and delivery.
- A bachelor's degree with multiple related professional certifications (ISA/IEC 62443, CISM, CCSP, etc.).
- Required technical certifications in Dragos, Nozomi, Fortinet NSE4 and above / Palo Alto PNSE, or multiple relevant certifications.
- In-depth understanding of industry security frameworks in ICS controls of OT Technologies.
- Strong understanding of industrial control systems (ICS) and operational technology (OT) environments, including knowledge of various protocols, architectures, and components used in critical infrastructure sectors.
- Knowledge of relevant industry standards and frameworks, such as NCA, NIST Cybersecurity Framework, IEC 62443, and ISA/IEC 62451, and the ability to align security initiatives with these frameworks.
- Strong experience implementing OT security control services. Strong customer relationship management skills.