Senior Cyber Security Consultant - home based

Senior Cyber Security Consultant - home based

Our global consulting client is looking to recruit an IT/OT specialist to join the existing and expanding Cyber team in the UK. They provide cutting edge cyber support and solutions to clients across the full Critical National Infrastructure spectrum.  Their forward-thinking capabilities are used to provide complex solutions to their clients based within the UK and beyond. They leverage the expertise and passion of their employees to conduct:  incident response, architecture reviews and designs, full cyber risks assessments and risk mitigations recommendations, IT/OT red team assessments.

This role requires a forward thinking individual with extensive cyber experience across the IT/OT environments to provide expertise to current and future clients.  

Roles and responsibilities

• Ability to understand and perform assessment of ICS design considerations with emphasis on operational safety and the availability/security of operating environments across multiple sectors (Nuclear, Rail, Power etc).
• Prepare, review, and assess Low level and High-level design for IT and OT environments and apply best practice, policies, and standards.

• Undertake risk assessments in an OT/ICS environment and provide a risk mitigation strategy to the client.

• Develop, improve and evolve a comprehensive ICS cyber security portfolio to meet the customers' cyber security and compliance requirements.
• Work with customers to design and implement various cyber security technologies and process across IT and OT systems.
• Maintain familiarity with legislation and regulations relevant to ICS cyber security.

Desirable experience, qualifications and training

• Working knowledge and understanding of ICS/OT systems including SCADA, PLCs, RTU, etc.
• Ideally have experience and skills in safety-related control systems, including a working knowledge of IEC 61508 and IEC 61511 Functional Safety Standards. 

• Experience in design, implementation and packet analysis of IT and OT network communication protocols including TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, and PROFINET, etc.
• Hands on experience with ICS threats and vulnerabilities assessments including experience of utilizing the MITRE ATT&CK matrix and the ATT&CK for ICS framework.
• Experience in implementation and assessment of cyber security standards such IEC 62443, ISO 27001, NIST CSF, NIST SP 800-82, CPNI Good Practice, etc.
• Experience of the NIS Regulations.
• Experience deploying or supporting security practices and technologies such as risk or vulnerability assessments, antivirus software, firewalls, intrusion detection systems, centralised alert logging and monitoring in ICS environments.
• Experience in developing ICS security recommendations and level of effort estimates to support those recommendations.
• Ability to author technical and non-technical documents for varying audiences from technical automation personnel to senior security or operations personnel.
• Global Industrial Cyber Security Professional (GICSP), Certified Information Systems Security Professional (CISSP), or other ICS cyber security related certification would be preferred.