OT Cybersecurity Engineer

Location

Nanterre, 92000 | France

Job description

Contract Type: Full-time / Freelance contract
Experience Level: Mid to Senior-Level (5-10+ years of experience)
Hybrid remote work environment
Base location: preferred in Paris/Nanterre, with the ability to travel for missions to meet teams and stakeholder (on an ad hoc basis).
Duration: 12 months (renewable)

About the Job

Neotrust is a security innovation company that helps Executives, CISO, CIO and CTO to successfully complete their security transformation and integrate cyber innovation into their long-term security strategy.
The OT Cybersecurity Operations Centre of our client over 3 years, a large customer with international footprint, is looking for an OT Cybersecurity Engineer.

THE ROLE - JOB PURPOSE

• Brings the added value of an Operations Technologies (OT) cybersecurity governance to the Projects executed for our clients in Paris Operating Centre
• Is involved in our Client Projects" activities related to the Engineering, Procurement, Construction and commissioning, at the FEED and EPC stages, in various process industries (activities like contributing to Material Requisition, meetings with clients, etc.)
• Collaborates with control systems" Subject Matter Experts (SMEs) and engineers to design, implement and support the cybersecurity networked and non-networked OT systems
• Works in compliance with the recommendations of IEC 62443 standard and the internal policies and procedures of our Client

Reporting lines and interactions

• Reporting functionally: reports to Head of OT Cybersecurity Operations Centre
• Reporting operationally during Projects execution: reports to Information Security Project Manager
• Internal interactions: reporting lines, other OT Cybersecurity Engineers, Asset Management Lead
• External interactions: vendors and clients, Engineering & Construction discipline engineers

JOB SCOPE

• The OT Cybersecurity Engineer"s duties fall into mainly 2 steps, whatever the context of the industrial facilities:
• Before the procurement of OT systems, the OT Cybersecurity Engineer concentrates on reviewing the OT architecture and performing the risks" assessment for all OT systems (FEED stage)
• Starting from the procurement of OT systems, the work of the OT Cybersecurity Engineer turns to the activities of vendors" management (EPC stage) until the hand over

For that

• The OT Cybersecurity Engineer reviews engineering disciplines" documents and drawings and provides cybersecurity requirements to the design of the OT architecture
• Assesses the risks (during risks" workshops notably) and qualifies the cybersecurity requirements for all OT systems as per IEC 62443
• Implements the OT cybersecurity strategy defined by the Information Security Project Manager (ISPM)
• Participates to the procurement activities by including the cybersecurity requirements for vendors in OT systems and holds clarification meetings with vendors
• Reviews the documentation provided by the vendors and confirms the consistencies with the requirements
• In collaboration with the other Project members is in charge for the management of changes
• Participates to the FAT at the OT vendors" premises (FAT: Factory Acceptance Test)
• During the Commissioning stage, participates to the SAT in the construction site (SAT: Site Acceptance Test)
• Supports the global OT Asset Management team to maintain the OT Asset Inventory
• Is responsible for the incident response in the OT environment
• Delivers trainings to vendors or to Project members involved into the delivery of OT systems
• Participates in the hand-over of the OT systems to the client with regards to cybersecurity aspects

Must have

• Understanding of Operations Technologies (OT)
• Field experience with Operations Technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS); Safety System (SIS)
• Understanding of cybersecurity risk in the industrial environments

Nice to have

• IEC 62443 attendance or certification
• Understanding of IT and OT network communication protocols (e.g. TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, and PROFINET) and ability to perform packet analysis
• Understanding of operating systems, network/system architecture involved in OT environment and IT architecture design
• Understanding of machine and network virtualization, routing and switching, firewalls, IDS, storage area networks, relational database, and VPN tunnels along with traditional elements of instrumentation, control, and HMI platforms

Work experience

• At least 5 years of experience in the field of Oil & Gas industry or similar industrial context
• Experience in onshore and offshore Projects execution

Minimum education level

• Bachelor"s degree in engineering discipline such as instrumentation control engineering, electrical engineering, computer engineering, computer science or related courses

Contact

Job tags

Salary