Job Summary:
The Operational Technology (OT) Cybersecurity/Network Engineer is an integral member of the Process Automation Department in the Corporate Technology and Engineering Group who designs cybersecurity roadmap and implements policy in a highly complex industrial control system (ICS) that will drive the successful execution of TPC Group's strategic process control projects. This role drives cybersecurity engineering solutions, framework, roadmap, risk remediation, and mitigation of operational risk in OT environment. The role includes reviewing all major technology projects to ensure compliance with OT cybersecurity policies, guidelines, and standards. This position requires the need to understand how to apply industry standard assessment methodologies, establish governance policies, determine and establish OT cybersecurity design requirements, and develop OT cybersecurity design documentation. This position supports several OT areas such as DCS system and network security, administration and network troubleshooting, system performance and evaluation, performance analysis, and capacity planning. Additional responsibilities include implementing, managing, and troubleshooting the existing network, security, and system while providing support for a variety of hardware.
Job Duties and Responsibilities:
- Responsible for the development of TPC OT cybersecurity policies, standards, and procedures. Work with corporate IT security team, data custodians, and governance groups in the development of such policies. Ensure that TPC policies support compliance with DCS OEM and other control systems such as Emerson DeltaV, Bently Nevada, Triconex, etc.
- Develop system design and specification documentation deliverables that address OT cybersecurity vulnerabilities, including identifying physical controls to mitigate vulnerabilities and attack vectors
- Participate in project meetings and coordinate deliverables with multi-discipline engineering teams and system integrators
- Maintain a working knowledge of cybersecurity standards and frameworks to include specifically ISA-62443, NIST CSF, and others as required
- Develop and provide internal training/mentorship on cybersecurity topics for OT personnel
- Provide post project design validation reviews to confirm conformance with the established OT cybersecurity needs
- Lead, manage, and review TPC OT cybersecurity/engineering deliverables in all TPC projects in OT environment
- Work with OEM and 3rd party vendors to develop and implement an Incident Reporting and Response System to address TPC OT cybersecurity incidents (breaches), investigate and respond to alleged policy violations or complaints from TPC management and external parties, and develop improvement plans
- Develop and implement an ongoing risk and threat assessment program targeting information security; recommend methods for vulnerability detection and remediation and oversee vulnerability testing
- Evaluate annually the level of access granted users within TPC PCN systems to ensure that access is limited to level required for job duties
- Responsible for configuring and maintaining PCN and DMZ systems, network switches, and firewalls
Required Qualifications
- Bachelor's degree in Information Technology or Computer Science
- 3+ years of relevant work experience
- Industrial control systems experience
- Experience with COTS technologies used in a Cybersecurity Engineering environment
- Familiarity with the implementation of OT cybersecurity and the needs of enterprise business management, as it pertains to OT data access
- Industrial Control System (ICS) network segmentation design experience and familiarity with the Purdue Model
- Familiarity with multiple SCADA equipment manufacturers and OT network communications protocols
Preferred Qualifications
- CISSP or GICSP certification or willingness to obtain certification
- Experience and ability to correctly apply common OT systems including DeltaV DCS, wireless network systems, fiber optic networks, Layer 2 and Layer 3 switches/methodologies, firewalls, and related systems
- Knowledge of common cybersecurity threats such as a Denial of Service, Ransomware, etc. and knowledge of approaches to mitigate threats
- Capability of applying cybersecurity standards and framework (ISA 62443, NIST CSF, etc.)
- Experience in ICS design, development, deployment, and evaluation of virtual hosting in both Hyper-V and VMware vSphere environments
- Familiarity with various SCADA system platform architectures, PLC programming and architectures, and HMI programming and architectures
- Experience working within a Cybersecurity Operations Center environment desired