Our client, a reputed industrial cyber security consulting division requires an OT Security Test Specialist to be placed in Abu Dhabi or Dubai. Whilst the candidates are allowed to work remotely, the role also requires candidates to travel as and when required between Abu Dhabi and Dubai due to project and site requirements. Please find the scope and key results area below.
·Work on cutting edge projects across wide range of OT sectors, power, water, mining, transport sectors
·Assist with OT security testing on transport, mining, water, and power control systems
·Assist with OT security monitoring- SOC implementation projects
·Assist with delivering OT security training services
·Become an expert in the application of OT/ICS security industry standards
Key Results Areas
Supports and contributes to the determination of client requirements, collecting data, delivering analysis and problem resolution. With peers undertakes the evaluation of recommended options, implementing when required. Collaborates with, and assists the facilitation with stakeholder groups, as part of formal or informal consultancy agreements. Seeks to fully address client needs, enhancing the capabilities and effectiveness of client personnel, by ensuring that proposed solutions are properly understood and appropriately exploited.
Defines, documents, and carries out small projects or sub projects (typically less than six months, with limited budget, limited interdependency with other projects, and no significant strategic impact), alone or with a small team, actively participating in all phases. Identifies, assesses, and manages risks to the success of the project. Prepares realistic plans (including quality, risk and communications plans) and tracks activities against the project schedule, providing regular and accurate reports to stakeholders as appropriate. Monitors costs, timescales and resources used, and takes action where these deviate from agreed tolerances. Ensures that own projects are formally closed and, where appropriate, subsequently reviewed, and that lessons learned are recorded
OT Security Risk Management:
Conducts security risk and vulnerability assessments for defined business applications or ICS installations in defined areas and provides advice and guidance on the application and operation of elementary physical, procedural, and technical security controls (e.g. the key controls defined in IEC 62443 and ISO27001). Performs risk and vulnerability assessments, and business impact analysis for medium size control systems. Investigates suspected attacks and manages security incidents.
OT Security Testing:
Accepts responsibility for creation of test cases using own in-depth technical analysis of both functional and non-functional specifications (such as reliability, efficiency, usability, maintainability, and portability). Creates test cases using in-depth technical analysis of risks and typical vulnerabilities. Produces test scripts, materials, and test packs to test new and existing software or services. Specifies requirements for environment, data, resources, and tools. Interprets, executes, and documents complex test scripts using agreed methods and standards. Records and analyses actions and results. Review’s test results and modifies tests if necessary. Provides reports on progress, anomalies, risks, and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others.
OT Technology Audits:
Contributes to risk-based audit of existing and planned technology systems. Identifies ICS security risk in detail, assesses and tests the effectiveness of control measures and prepares formal reports in order to provide independent assurance on an organisation's information security, integrity, and resilience