Role Summary
We are looking for an OT Cybersecurity Consultant / Engineer to support an OT cybersecurity assessment covering industrial control systems, OT networks, and related third-party interfaces. The resource should have strong experience in OT/ICS environments, cybersecurity risk assessment, IEC 62443, network architecture review, vulnerability assessment, and security hardening.
Key Responsibilities
- Support OT cybersecurity assessment activities across ICS/ICSS, DCS, SIS, CCS, MMS, and third-party interfaces.
- Review OT network architecture, zoning, conduits, traffic flow, and segmentation.
- Conduct documentation review, system definition, asset identification, and asset criticality assessment.
- Support threat and vulnerability assessment for OT and related IT/OT interfaces.
- Review security controls, configuration hardening, CIS benchmarking, and relevant standards alignment.
- Identify cybersecurity risks, vulnerabilities, architectural gaps, and remediation actions.
- Support preparation of risk registers, findings, recommendations, and technical reports.
- Participate in stakeholder workshops, technical discussions, and site/workshop activities where required.
- Support preparation of prerequisite documents, methodology inputs, and assessment planning.
Mandatory Requirements
- Active CICPA pass.
- Experience in OT/ICS cybersecurity assessments.
- Knowledge of IEC 62443 requirements and OT security levels.
- Experience with ICS/SCADA, DCS, SIS, ICSS, or similar industrial environments.
- Understanding of OT network architecture, firewalls, segmentation, DMZ, remote access, and third-party interfaces.
- Experience in vulnerability assessment, configuration review, and system hardening.
- Ability to prepare technical reports, risk registers, and remediation recommendations.
Preferred Skills & Certifications
- IEC 62443 certification or equivalent OT cybersecurity certification.
- Experience with CIS benchmarks, NIST, ISO 27001, or OT security frameworks.
- Experience in oil & gas, utilities, energy, or critical infrastructure environments.
- Familiarity with OT tools, protocol review, Modbus/TCP, OPC, firewall rule review, and network monitoring concepts.