Cyber Security Engineer

• Produce and maintain OT asset inventories and overall knowledge and documentation of the US/Intl OT architecture.
• Perform analysis of the architecture and infrastructure of Industrial Control Systems (PLC / SCADA / DCS / IIoT) in the context of cybersecurity.
• Review OT architecture design diagrams and documents for new technologies and changes to existing technologies to determine risks and provide recommendations and mitigations to ensure protection of critical Industrial Control Systems (ICS).
• Identify, assess, and report the overall OT cyber security risk landscape within the US/International region.
• Maintain and publish OT cyber security reference architecture, roadmaps, policies, standards, and guidelines.
• Develop ICS Control Frameworks, based on industry standard processes as well as national and international standards.
• Design and implement cybersecurity solutions for Industrial Control Systems.
• Implement or improve ICS security management processes across fleet.
• Responsible for hardening OT devices in coordination with the OT teams and IT.
• Serve as owner of critical control cyber security and performance standards, maintenance strategies, plans and instructions.
• Continually develop and improve the defensibility of the OT architectural landscape.
• Conduct regular vulnerability assessments to evaluate cyber risks to the OT environment, including partnering with stakeholders and score and performance.
• Responsible for training and assisting technical staff in cybersecurity techniques and applications.
• Act as subject matter expert of fleet OT environments, systems, risk posture and cyber resilience.
• Collaborate with owners of security technologies such as antivirus, IDS/IPS, SIEM, endpoint detection & response, configuration management, privileged identify management, etc. to ensure that all assets in the OT environments are being managed.
• Manage any on-site/remote OT cyber security assurance, maintenance, or assessment activities, including the management and oversight of any third-party vendor support.
• Provides technical guidance of the administration of security tools that control and monitor OT security.
• Maintain knowledge and awareness of current and emerging threats and attack vectors of OT environment and recommend and develop effective controls to detect and protect against those risks.
• Maintain knowledge and awareness of Mitre ATT&CK and specifically Mitre ATT&CK for ICS. This includes awareness of the TTPs of the top 5 known APTs associated with Energy / Oil & Gas companies.
• Maintain knowledge and awareness of industry best practices, standards and frameworks and continuously assess and propose improvements to our internal architecture, roadmaps, policies, standards and guidelines i.e. NIST CSF, NIST 800-53, NIST 800-82, NIST 800-207, NIST 800-160v1, IEC 62443, CIS, ISO 27001, and SANS ICS/OT Critical Controls.

• Other duties and projects as assigned by management.

• Bachelor's degree in Information Systems, Computer Science, Information/Computer Security, Engineering or a related technical discipline i.e. STEM.
• Minimum of 3 years of working experience in cyber security field or an industry with reliance on technical expertise.
• Must possess an understanding of principles of networking, servers, endpoints and system integration.
• Understanding of security standards for Industrial Control Systems is required.
• Overall strong technical proficiency in information technology/computer disciplines.
• Good communication skills (written and verbal) to communicate with both technical and non-technical audiences.
• Ability to author technical and non-technical documents for varying audiences.
• Strong MS Office skills (i.e. Excel, Word, PowerPoint and Access)
• Self-starting with the demonstrated ability to learn new technical concepts quickly.
• Detail oriented and demonstrated strong analytical and problem-solving skills.
• Good interpersonal skills and the ability to work effectively with clients, IT management and staff.

• (ISC)2 Certified Information Systems Security Professional (CISSP), SANS Global Industrial Cyber Security Professional (GICSP), one or more of the following certifications - GRID, CCIE, CCDE
• Knowledgeable with the implementation of NIST Cyber Security Framework (CSF), NIST 800-53, NIST 800-82, IEC 62443, SANS ICS/OT Critical Controls, North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), and/or Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
• Knowledgeable of IT/OT technologies and utility industry experience preferred with an awareness of utility specific security threats
• Experience in OT, ICS, IEC 61511 Functional Safety, Process Safety and Critical infrastructure environments highly desirable
• Familiar with cloud computing and security standards for cloud first environment
• Experience with development and publishing of cybersecurity policies, standards, processes, and procedures.

• The ability to work at a computer, and computer monitor, and use repetitive motion for long periods of time.
• The ability to occasionally lift up to 25 pounds.
• This position requires sitting 80% of the time and standing and walking 20% of the time.

Ormat