The position of Information OT / IOT / ICS (Operational Technology / Internet of Things / Industrial Control Systems) Security Analyst will be responsible for Information Security within the OT / IOT / ICS) environments.
The role monitors multiple OT / IOT / ICS clients computing environments to detect, validate and respond to malicious activity, security events, unauthorized access or malicious use of Brookfield Global Integrated Solutions information assets;
develops solutions to prevent future re-occurrences and find innovative ways to enforce Information Security policies, and procedures.
KEY DUTIES AND RESPONSIBILITIES
Monitors multiple OT / IOT / ICS computing environments to detect, validate and respond to malicious activity, security events, unauthorized access or use of Brookfield Global Integrated Solutions information assets;
develop solutions to prevent future re-occurrences and find innovative ways to enforce security policies, and procedures.
Proficient in monitoring various security administrative consoles as well as IT related administrative consoles to determine root causes for security events (Next-Gen FW, Remote Access VPN, NAC, Anti-Malware, Anti-spam, endpoint hardening, etc.).
Creatively and independently provide resolution to security problems in a cost-effective manner.
Assess and communicate any security risks associated with any purchases or practices performed by the company.
Identify and develop research into future attack vectors for OT / IOT / ICS systems.
Review and assess the architecture and design of our OT / IOT / ICS communication. authentication and encryption solutions.
Provide support for network infrastructure resolution issues, retaining a level of professionalism and customer service delivery.
Liaise with Development, Infrastructure, DB admins and Network Administrators in implementing and enforcing security technical best practices.
Be an active policy governance and compliance agent and expand the culture of security awareness throughout BGIS.
Remain informed on trends and issues in the OT / IOT / ICS security industry, including current and emerging technologies.
Understanding and knowledge of Cloud (Azure, AWS, etc.) security practices.
Experience in dealing with 3rd party vendors and / or service providers.
Deliver high-quality technical analysis, status reports and presentations to senior management.
Security Planning and Implementation
Participate in security initiatives and proof of concepts with vendors, utilizing critical analytical skills to advise management on best solution fit into BGIS environment.
Maintain familiarity with relevant legislation and regulation to OT / IOT / ICS cyber security, digital forensics OT / IOT / ICS and incident response.
Developing OT / IOT / ICS cyber security assessment approaches to ensure pro-active identification of threats and attack vectors in line with NIST 800-53.
Review and assess the low-level and high-level design for OT / IOT / ICS environments in line with industry best practice and international standards / guidelines (eg.
ISA 99 / IEC 62443, NISTIR 8183, NISTIR 8259, Enisa Good Practices for Security of OT / IOT / ICS, PAS 1885 : 2018, and ISO21434).
Applying security best practices and architectural recommendations as they align to BGIS written policies, processes and procedures.
Provide continual updates to technical security policies to help enforce written documented security policies and guidelines.
Liaise with Infrastructure teams, DB admins and Network Administrators in implementing and enforcing security technical best practices.
Remain informed on trends and issues in the security industry, including current and emerging technologies.
Communication / Training
Develops and delivers the training sessions to managers on the client sites.
Develops communication sessions on regulatory changes.
KNOWLEDGE & SKILLS
Experience in IT-Security specific roles :
Knowledge of security attack methodologies and understanding of the anatomy of an attack. Proficient understanding of core Microsoft technologies such as Active Directory, MS Exchange.
Comfortable and adaptable to taking on various roles, both on a technical level and operational level.Understanding of Security Forensics OT / IOT / ICS practices and methodology.3-10 years.
Experience in OT / IOT / ICS industry :
Solid working experience in conducting cyber security assessments and implementing risk mitigation controls for OT / IOT / ICS systems.
Solid knowledge of OT / IOT / ICS security best practices applied in red team assessments and exercises.Good knowledge and understanding of threat hunting strategies for OT / IOT / ICS environments.
Good knowledge and experience of OT / IOT / ICS cyber incident response, cyber kill-chain, and the Mitre ATT&CK framework.
Proven ability of designing, implementing and reviewing OT / IOT / ICS security assessments and incident response plan.
Good understanding of protocols common within OT / IOT / ICS (e.g., MODBUS, DNP3, S7, OPC. HTTP, SMB, DNS etc. (Min 5 years).
Licenses and / or Professional Accreditation
CISSP, GIAC / Security+ or other information security certificate.
At BGIS we believe that diversity and inclusion is a key business driver, such that we never lose sight of its importance as it is woven into the fabric of our organization.
We are committed to maintaining a barrier-free recruitment process by providing equal employment opportunities through recruiting and retention of individuals of all backgrounds.
We recognize that promoting diversity is an essential component of our continuing pursuit for organizational success!
BGIS is an equal opportunity employer and we welcome you to apply for a position with us! If you require accommodation during the recruitment process, please contact us at askHR.
Upon request for accommodation, we will consult with the applicant in question and provide, or arrange for the provision of, a suitable accommodation in a manner that takes into account the applicant’s accessibility needs due to disability.