Control Systems Engineer (Cyber Security Focus)

This Control Systems Engineer (Cyber Security Focus) will report to the Control Systems Operations Manager and will work within the Strategy Regulation and Support Services directorate based in our Fore Hamlet, Ipswich office. You will be a permanent employee.

You will attract a salary of £80,574.00 and a bonus of 3%. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote.

Close Date: 23/04/2025

• 25 Days Annual Leave plus bank holidays.
• Reservist Leave – Additional 18 days full pay and 22 unpaid.
• Personal Pension Plan – Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%).
• Tenancy Loan Deposit Scheme, Season Ticket Loan.
• Tax efficient benefits: Cycle to Work, Home & Tech, and Green Car Leasing Schemes.
• Occupational Health support.
• Switched On – scheme providing discount on hundreds of retailers’ products.
• Discounted gym membership.
• Employee Assistance Programme
  
  

The role of the Control Systems Engineer (Cyber Security Focus) is to develop, maintain, and secure control systems applications, services, and data for EPN, LPN, and SPN networks. You will ensure the safe, secure operation of these systems, reduce customer interruptions, and support compliance with the National Cyber Security Centre's Cyber Assessment Framework (CAF) Enhanced Profile.

Your role will involve integrating advanced cyber security measures into Operational Technology (OT) systems, addressing vulnerabilities, and supporting ongoing compliance efforts. You will work collaboratively to enhance cyber resilience, contributing to the delivery of critical innovation and compliance projects.

• Cyber Security Integration
• Develop and implement advanced cyber security measures to protect OT systems against the latest threats.
• Ensure compliance with the CAF Enhanced Profile by collaborating with teams to integrate security into all control system applications.
• Conduct risk assessments, vulnerability testing, and threat analysis for SCADA, DMS, OMS, and other OT applications.
• Secure by Design Principles
• Ensure that all control systems and infrastructure are designed, developed, and implemented following secure-by-design principles to minimise potential vulnerabilities.
• Embed security features in the architecture and development lifecycle of OT systems to proactively address potential risks.
• System Resilience
• Enhance the resilience of infrastructure components, including data centres, servers, and networks, by implementing robust redundancy and disaster recovery mechanisms.
• Collaborate with the IS and Cyber teams to ensure all systems can maintain operational continuity during incidents or cyberattacks.
• System Development and Maintenance
• Develop and maintain configuration, monitoring, and performance standards for Control Systems.
• Collaborate with 3rd party service providers to ensure timely resolution of issues and delivery of secure updates.
• Participate in change management processes to ensure secure implementation of new or updated systems.
• Participation in a 24x7 support rota for critical systems support with the further option for out of hours standby.
• Incident Management
• Conduct root cause analysis and implement solutions for security incidents impacting OT systems.
• Collaborate with the IS Security team to handle certificates, keys, and access controls.
• Continuous Compliance
• Provide technical advice on cyber resilience and support for regulatory reporting requirements.
• Monitor system performance and produce reports demonstrating compliance with cyber security standards.
• Innovation and Improvement
• Participate in and support innovative projects to improve cyber security capabilities within control systems.
• Develop scripts and tools to automate compliance and security-related tasks using languages like Python, SQL, and Perl.
  
  

Your role is part of the Control Systems and Automation team, reporting to the Control Systems Operations Manager. Your role will involve ensuring the security and resilience of control systems applications critical to the safe operation of UK Power Networks' OT systems.

As part of a wider effort to meet stringent compliance requirements, this role is important to maintaining operational continuity and protecting business-critical infrastructure. You will work with other engineers, analysts, and partners to provide the latest cyber security solutions and achieve strategic goals.

You will support UK Power Networks' ambition to lead in the Control Systems and Automation space while safeguarding operational integrity through robust cyber security measures.

You should hold a degree or equivalent industry qualifications.

Also, you will demonstrate experience in the following areas:

• Experience in DMS, SCADA, and other OT systems with a focus on security within the utilities sector.
• Knowledge of CAF Enhanced Profile requirements and practical experience in implementing security measures in OT environments.
• Familiarity with secure-by-design principles and system architecture development for OT environments.
• Experience with system resilience, including disaster recovery, redundancy, and failover mechanisms for critical infrastructure.
• Familiarity with scripting languages (Python, SQL, Perl) for automation and data analysis.
• Experience liaising across departments and managing external partners.
• Understanding of network protocols and industry standards like DNP3 and WISP+.
• Analytical approach to security challenges.
• Experience in incident response, risk assessment, and regulatory compliance.
  
  

• Experience with automation projects or Smart Grid technologies.
• Certifications in cyber security (e.g., CISSP, CISM, or equivalent).
  
  

Managers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. public, visitors and employees of other organisations. This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment.

Employees will ensure they understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly where work activities can have an adverse impact upon the environment, and where there are legal requirements, employees will understand those impacts and the controls they must ensure are applied.

If in doubt ask!