OT Cybersecurity Engineer

Description

Job Summary: Design, implement, and operate cybersecurity in Operational Technology (OT) environments to protect critical industrial infrastructures. Key Highlights: 1. Operate and adapt SOC to OT/ICS environments 2. Design and implement secure OT network architecture 3. Manage OT risks using cybersecurity frameworks **Role Purpose** Design, implement, and operate cybersecurity capabilities in Operational Technology (OT) environments, ensuring protection of critical industrial infrastructures through proactive management of risks, vulnerabilities, and alerts, in close collaboration with engineering and operations teams. **Key Responsibilities** **OT SOC Operations** * Adapt the operational model of a traditional SOC to the OT/ICS context, considering requirements for availability and operational continuity. * Define monitoring, triage, and incident escalation workflows specific to industrial environments. * Collaborate with the corporate SOC to ensure integrated visibility between IT and OT environments. **Detection \& Correlation Engineering** * Design, review, and optimize correlation rules on SIEM platforms (e.g., Splunk, Sentinel, Claroty, Tenable). * Translate industrial processes into business-aligned detection logic. * Continuously optimize rules to reduce false positives without compromising coverage. **OT Cyber Risk Management** * Identify and classify critical assets (PLCs, HMIs, SCADA, historians) and their interdependencies. * Build and maintain a risk map considering threats, vulnerabilities, likelihood, and operational impact. * Align risk management with frameworks such as IEC 62443, NIST CSF, and MITRE ATT\&CK for ICS. **OT Network Security Architecture** * Design and document OT network architectures based on segmentation (Purdue Model / IEC 62443\). * Define security zones and conduits to limit lateral threat propagation. * Implement controls such as industrial firewalls, VLANs, and unidirectional gateways. * Review network topology changes to ensure operational continuity. **Security Processes \& Governance** * Design and execute vulnerability management processes adapted to OT environments. * Establish procedures for alert management and incident response. * Implement a continuous risk management cycle with reporting and mitigation tracking. **Experience** * 3 to 5 years in cybersecurity. * At least 2 years in OT/ICS environments. **Technical Knowledge** * Industrial protocols: Modbus, DNP3, OPC UA. * Purdue Architecture and IT/OT segmentation. * Industrial systems: SCADA, DCS. **Tools \& Platforms** * SIEM (Splunk, Sentinel or others). * OT platforms: Claroty, Tenable, Nozomi. **Frameworks \& Standards** * IEC 62443 * NIST Cybersecurity Framework (CSF) * MITRE ATT\&CK for ICS **OT Network Architecture** * Design of security zones and IT/OT/DMZ segmentation. * Handling of industrial firewalls and managed switches. **Soft Skills** * Communication with engineering teams. * Process documentation. * Analytical thinking. **Education** * University degree in computer science, engineering, or related field. **Nice to Have** * IoT Device Management * Nozomi Central Management Console Configuration * OT anomaly detection and SIEM operations * Network security monitoring * Vulnerability assessment **Certifications (Nice to Have)** * GICSP * IEC 62443 Cybersecurity Certificate * CISSP or CISM