Job Title: Security Engineer - Operational Technology (OT)
Location: Kansas City KS USA 66111 (100% Onsite)
Duration: 6 Months Assignment (Contract to hire)
Shift: 8:00am to 5:00pm (Standard)
Summary
As an Operational Technology (OT) Security Engineer at CLIENT, you will collaborate with cross-functional teams to design, implement, and maintain cybersecurity measures that protect CLIENT’s manufacturing capabilities from cyber threats and vulnerabilities.
Job Duties and Responsibilities
- Assist in designing, monitoring, and enforcing cybersecurity standards, procedures, and controls within manufacturing plant environments, covering areas such as physical security, network segmentation, firewalls, and intrusion detection systems.
- Partner with manufacturing sites, engineering, and IT teams to analyze current OT architecture and integrate cybersecurity measures across plant facilities.
- Develop and maintain OT-specific cybersecurity documentation, including risk registers, dashboards, and detailed reports to communicate OT risk posture effectively to stakeholders.
- Assess current security architectures to identify vulnerabilities and design enhanced protections.
- Implement an ongoing vulnerability detection and remediation program for OT systems and oversee vulnerability testing.
- Conduct risk assessments on OT systems using frameworks like NIST CSF, ISO 27001, and ISA/IEC 62443 to identify vulnerabilities and mitigation strategies.
- Continuously monitor OT networks for unusual activities and potential security breaches.
- Develop and maintain an OT incident response plan for cybersecurity incidents, covering detection, response, and recovery.
- Drive continuous improvement of cybersecurity policies, procedures, and tools, enhancing CLIENT’s OT security framework.
- Lead training sessions to promote cybersecurity best practices and ensure compliance with security policies.
- Ensure compliance with industry standards, regulations, and best practices related to OT cybersecurity.
Minimum Requirements
Education and Experience
- Bachelor’s degree in information security, computer science, or a related field (equivalent work experience may substitute on a year-for-year basis).
- Minimum of 3 years’ experience in information security, IT, or industrial control systems (ICS) engineering.
- Basic understanding of Programmable Logic Controllers (PLC), Windows-based PCs, VMs, and industrial network architectures. Experience in ICS security is highly desirable.
- Proven experience selecting, designing, architecting, and deploying security technologies in an OT/ICS environment, with a demonstrated understanding of OT/ICS critical infrastructure, threats, vulnerabilities, and attack paths.
Knowledge, Skills, and Abilities
- Understanding of cybersecurity threats (e.g., denial of service, ransomware) and mitigation approaches.
- Capability to apply cybersecurity standards and frameworks (e.g., NIST Cybersecurity Framework, NIST 800-82 for ICS, ISA-62443).
- Knowledge of security controls for both on-premise and cloud-based platforms (AWS, Azure), including Active Directory and Windows systems.
- Familiarity with SCADA, PLC, and HMI system architectures.
- Advanced knowledge of network technologies, protocols, and telecommunications principles.
- Strong communication skills to effectively convey complex concepts, policies, and procedures to diverse stakeholders.
- Ability to influence, collaborate, and communicate across various levels and teams.
- Detail-oriented with strong documentation skills.
- Capable of conducting research into networking issues and prioritizing tasks effectively.
- Proven track record of process improvement and execution.
- Ability to work well in a team and independently identify and communicate emerging security threats and industry trends.