Cyber Security OT Assurance Analyst

Job Purpose

Perform and conduct OT assurance activities towards protecting the organization's information assets and critical infrastructure. Conduct technical OT cyber security assessments in addition to providing technical assurance capabilities that verify the effectiveness of security controls and projects.

Principal Accountabilities

Operational

1. Conduct OT cyber security analysis of the technology environment to identify gaps and recommend solutions for improvement.
2. Conduct OT architecture assessments from a technical security point of view.
3. Conduct evaluation and assessment of available OT tools and countermeasures to remedy the detected vulnerabilities and recommend best solutions and practices.
4. Conduct reviews and validations of OT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
5. Perform cyber security reviews for systems development or acquisition projects related to OT environments.
6. Validate and verify OT systems security requirements definitions and analysis and established system security designs.
7. Conduct periodic cyber security assessments of existing OT controls and the technology landscape within the organization (vulnerability scanning, penetration testing, and Red Teaming exercises).
8. Conduct configuration reviews of OT cyber security equipment.
9. Assess and validate security configurations and access to security infrastructure tools, including firewalls, IPSs, passive monitoring solutions, and anti-malware/endpoint protection systems.
10. Conduct secure security code reviews and dynamic security testing for applications related to the OT environment.
11. Conduct OT cyber threat modeling of services and applications that tie to the risk and data classification associated with the service or application.
12. Build strong relationships and work collaboratively with internal/external stakeholders and customers to achieve objectives.

Education

1. Degree: Bachelor’s degree in Computer Science, Engineering, or Business field or equivalent, Diploma with additional relevant experience.
2. MBA or Master’s degree in Computer Science, Engineering, or Information Security is preferable.
3. Required professional certifications: Professional certificates such as CISSP, CISM, OSCP, CEH, CISA, GSEC.

Experience

1. 6+ years of Information Technology experience, including 3 years of relevant experience in a similar role.
2. Working experience in multiple industries (e.g., Oil & Gas, Energy, Utilities, Retail, Government…) is preferable.
3. Working experience in cyber security assurance, assessments & architecture review.