OT Security Engineer

The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats.

Responsibilities:

1. Design and develop enterprise cyber security strategy and architecture.
2. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses.
3. Identify risks associated with business processes, operations, information security programs, and technology projects.
4. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge.
5. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
6. Provide product best fit analysis to ensure end-to-end security covering different facets of architecture (e.g., Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations).
7. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc.
8. Provide support during technical deployment, configuration, integration, and administration of security technologies.
9. Demonstrate experience around ITIL or key process-oriented domains like incident management, configuration management, change management, problem management, etc.
10. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions, and unusual, unauthorized or illegal activity.
11. Provide solutions for RFPs received from clients and ensure overall design assurance.
12. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, and hardware related to cyber risk security in order to better match business outcome objectives.
13. Analyze technology environment, enterprise specifics, and client requirements to set a collaboration design framework/architecture.
14. Depending on the client’s needs with particular standards and technology stacks, create complete RFPs.
15. Provide technical leadership to the design, development, and implementation of custom solutions through thoughtful use of modern technology.
16. Define and understand current state solutions and identify improvements, options, and tradeoffs to define target state solutions.
17. Clearly articulate and sell architectural targets, recommendations, and reusable patterns, and accordingly propose investment roadmaps.
18. Evaluate and recommend solutions to integrate with the overall technology ecosystem.
19. Track industry and application trends and relate these to planning current and future IT needs.
20. Stakeholder coordination and audit assistance.
21. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations.
22. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security.
23. Support audit of security best practices and implementation of security principles across the organization to meet business goals along with customer and regulatory requirements.
24. Assist with the creation, maintenance, and delivery of cyber security awareness training to team members and customers.
25. Provide training to employees on issues such as spam and unwanted or malicious emails.

Stakeholder Interaction:

1. Internal: Program Manager / Director – Regular reporting & updates.
2. Infrastructure (CIS team): For infrastructure support.
3. External: Customer – To coordinate for all security breaches & resolutions.

Competencies Required:

1. Knowledge of current and upcoming security technologies (e.g., Firewalls, IPS, DDoS, SIEM, WAF, Endpoint, etc.) and understanding of compliance regulatory requirements like PCI DSS, HIPAA, etc.
2. Understanding of the Wipro system (interrelatedness, interdependencies, and boundaries) and perform problem solving in a complex environment.
3. In-depth knowledge of and mastery over ecosystem technology that commands expert authority respect.
4. Certified Information Systems Security Professional (CISSP), Cloud Architect Certification from AWS and Azure, ToGAF or SABSA certification.

Behavioral Competencies:

1. Effective Communication
2. Managing Complexity
3. Client centricity
4. Technology Acumen
5. Innovation
6. Problem Solving approach
7. Collaborative Working
8. Execution Excellence

Performance Parameters:

1. Customer centricity – Timely security breach solutioning to end users, internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers.
2. Support sales team to create wins – % of proposals with Quality Index > 7, timely support of the proposals, identifying opportunities/leads to sell services within/outside account (lead generation), no. of proposals led.

Roles & Responsibilities:

• Manage operation and quality teams.
• Maintain agreed SLA.
• Review all operation and quality reports.
• Present reports to SABIC.
• Responsible for operation and quality team performance.
• Conduct interviews for internal resources.
• Engage SABIC in Engineers and Sr. engineer interviews.
• Submit enhancement recommendations to SABIC.
• Submit program plan and updates including workforce progress, training, documentation, and quality reviews.
• Facilitate audit and investigation requirements including document preparation, site visits, and one-to-one interviews with team.
• Ensure smooth operation and handover.
• Review operation team shift roster to cover 24x7 OT CyberHub operation with enough workforce to maintain SLAs.
• Escalate high priority cases to the proper team.