My client, a leader in OT space who specialises in advanced system integration on a massive scale for decades is looking for a Cyber Security Specialist to join their team. They work in some of the most highly regulated and challenging industrial environments and have delivered critical projects across energy, renewables, water and manufacturing.

Main Activities:

• Review industry specific threats and risks.
• Review and creation of Incident Response, Disaster Recover and broader Business Continuity plans, playbooks, and supporting documentation and materials.
• Conduct vulnerability assessments and administrative audits on client computer systems and network devices in order to comply with NIST 800-53/800-82, ISO 27000 series, IEC 62433, HSE OG-86, and NIS-D frameworks.
• Create and lead a test regime with realistic scenarios, table top exercises or simulated production; based upon experience, case studies provided by NCSC and CISA, or contemporary threat intelligence.
• Ability to manage mitigation activities by creating remediation action plans, ensuring activities remain aligned with strategic priorities and consistent with current threat and risk assessments.
• Ability to identify and address supply chain/third party cybersecurity risks and dependencies.
• Solve complex operational security problems facing Industry and Critical National Infrastructure.
• Assess the security architectures, technologies, and procedures in use at customer locations using remote tooling.
• Work across all business units to assist with delivery of projects.
• Creation of Business Impact Analysis within OT environment that align continuity model to the business objectives in the face of the ever-changing risk landscape.

Requirements:

• Incident Response experience within OT.
• Hold (or working towards) one or more of the following qualifications: CSTM/CSTL, QSTM/SST, ECSA, OSCP.
• Solid understanding of the Cyber Security market and industry with exposure in Energy, Chemical, Utilities, Oil & Gas industries sectors.
• Experience completing system assessments and security audits based on NIST 800-53/800-82, ISO 27000 series, IEC 62433, HSE OG-86, NIS-D, etc.
• Review Incident Response planning, and ability to respond to likely threats/events, review of operational teams/SOC, and review of previous security events and lessons learned.
• Has knowledge of system architectures including Windows/*nix server and client platforms, Virtualisation, Networking, Wireless technologies, and security products (firewalls, IDS/IPS, sheepdip, vulnerability scanners etc).
• Experience securing cross-domain IT/OT communications and interfaces.
• Full UK driving licence and must be prepared to travel to client sites when required.
• Able to achieve and maintain SC clearance.

Desirable Requirements:

• Qualifications: GICSP and other OT security certifications