Are you an industrial cybersecurity expert with experience managing or supporting a Security Operations Center? If you understand the unique aspects of Operational Technology (OT) and have experience with best practices for remote support, then read on - this job is for you.
The role of the cyber security operations Expert is to provide technical leadership for the implementation and delivery of Siemens Security Operations Centers. To further support our global customers, Siemens will operate several SOC's expected to "go live" in the next two years. This position requires intensive Operational Technology experience in an industrial energy or utilities environment - think powerplants, turbine generators, compressors, boilers and energy distribution. You are a Subject Matter Expert (SME) in the areas of IT/OT security and how to operate a remote service center intent on preventing security breaches and mitigating them should they occur. In addition to delivery and execution related to the SOCs, you will be tasked with development and testing of various security features to meet customer or regulatory cybersecurity requirements. Reporting to the Head of Global Cyber Security Operations, you will be based in North America but will support global projects as necessary and provide global technical leadership on cyber implementation.
This role is responsible for the technical execution of cybersecurity operation centers globally and ultimately supporting customers with maintaining compliance and cybersecurity. This role will also support sales and bids efforts on an as-needed basis. This position will provide technical leadership to regional cyber security teams on implementation strategy and execution concepts. You will be engaged with cyber security solutions development and will provide technical leadership to regional execution teams on how to execute new and existing offerings.
Some of the key responsibilities include customer scope review, managing multiple projects with broad scopes, ambiguity, and high degrees of difficulty while expected to gather and interpret complex, qualitative and quantitative data, in addition to maintaining a working knowledge of cybersecurity principles and elements.
The candidate must have sufficient knowledge and abilities to:
• Conduct Cyber Vulnerability Assessments
• Conduct Penetration Tests
• Conduct regulatory audits
• Design and implement cyber security solutions for control systems
• Develop project documentation
• Successfully conduct onsite implementations of security solutions as needed
• Provide technical analysis and guidance on control systems security trends
• Prepare and conduct technical presentations
• Create technical reports and progress reports for projects
The candidate is expected to continuously improve self as subject matter expert by participating in educational opportunities, reading professional publications, attending conferences, maintaining personal networks, in addition to presenting for professional organizations.
Required Knowledge/Skills, Education, and Experience
• Must have a broad experience in computer and network systems, including IT/OT security, NERC CIP regulations, NESA requirements, SANS security practices, Cisco Firewalls and Routers, and industrial control system networking products.
• Must have strong analytical and problem-solving skills with the capability to identify solutions to unusual and complex problems.
• Must have strong interpersonal and leadership skills
• CISSP certification is preferred.
• BS in Computer Science or equivalent degree such as Computer Information Systems is preferred.
• Must be able to demonstrate proficiency in a wide range of information technology security technologies, embedded security, and network platforms.
• Must have good communication skills, must be an independent worker, and a team player.
• Must have knowledge at least one major Distributed Controls System (DCS) and related networking components.
• Must have 5 years of experience in IT/OT cybersecurity related to regulatory requirements and the industry's best security practice.