Operational Technology is all around us. All the products we buy, the food we consume, the energy we use, we all depend on it. In all these sectors, some of them are known as critical infrastructure, and critical processes are managed through operational technology (OT) and information technology (IT) systems. Digital security of these systems is of increasing importance, as more and more OT systems are connected and controlled through IT systems. Moreover, cybercrime is growing in the world of critical infrastructure, and last but not least, nation-states using cyberattacks for espionage or even to sabotage critical infrastructure.
We are looking for a Senior Consultant IT/OT Security, to be involved in security assessment projects for various industries. You will work on, for example, gap-analysis or risk assessments based on IEC 62443, IT & OT Site assessments, Threat modeling, a NIS compliance check, and a security maturity review. All these services are designed to support our customers to identify risks and improve their security resilience, no matter their current security maturity state.
On top of these services, you will also provide specific OT security training, offer a comprehensive IT/OT security awareness & behavior program, and perform OT security research. One notable example is the recent release of OTCAD, an Operational Technology Cyber Attack Database, that consists of a mapping between known OT-related cyber-attacks and MITRE’s ATT&CK framework for ICS.
As a Senior Consultant IT/OT Security, you will:
- Perform advisory services on client SCADA/ICS/OT infrastructure for small to large-sized projects. This will include security risk assessments based on IEC 62443 and QAROT, gap analysis, compliance checks, and security maturity reviews;
- Provide support in security design and security architecture of industrial networks;
- Assist customers in establishing or extending their SCADA/ICS/OT security program;
- Assist customers with secure digital transformation and Industry 4.0 initiatives;
- Interpret security vulnerabilities, risks, policies, and procedures concerning the operational business impact;
- Manage and execute assessments based on recognized frameworks or specific frameworks developed by Secura;
- Coaching junior and medior consultants on knowledge development and service offering;
- Actively contribute to knowledge and service offering development.
You recognize yourself in the following:
- A completed bachelor or master’s degree;
- Practical security experience within industrial networks and industrial devices like PLC, DCS, Safety systems, and SCADA;
- Experience with industrial communication protocols, like Modbus, IEC104, and vendor-specific protocols;
- Experience with conducting risk analyzes and assessing risk management processes;
- Good advisory skills and can communicate technical concepts and assessment results verbally and in written reports in simple terms;
- Knowledge of IEC 62443, MITRE ATT@CK for ICS, NIST CSF, and NIST SP 800-82;
- Preferable a GISCP and/or IEC 62443 certification;
- Good communication skills (written and oral) in English and preferably in Dutch;
- Interest and ability to write whitepapers and publications.
At Secura we have:
A diverse portfolio of customers and customer projects. Within this role, there is freedom to explore cutting-edge developments in the market and perform research with concrete end goals. The freedom to express your vision on market developments internally and externally.
We are an organization with a technical security heart and we provide high-quality services in the field of digital security. You will join a team of passionate specialists and knowledge exchange is our top priority.
Secura is a fast-growing company with ambition. We are an organization with people who share that drive and ambition to reach for the stars. Especially in the collaboration with Bureau Veritas new opportunities for extreme growth are on the table for our ambitious and skilled team members to further scale up our team. Therefore, you have the opportunity to grow and shape your career.
Are you the Senior Consultant IT/OT Security we are looking for?
Pre-employment screening and assessments are part of the selection process and annual social media screenings and check of criminal record will be conducted.