Stimulating. Motivating. Challenging.
Leveraging its long-standing expertise in securing digital content as well as fighting piracy, Kudelski Security, a division of the Kudelski Group, is a provider of cybersecurity solutions and services focused on protecting data, processes and systems for companies and organizations around the world, safeguarding their assets at a time of increasingly remote communications.
Location: Madrid, Spain
Mission
The Digital Infrastructure & Endpoint Protection practice is the home base of a growing number of advisors who can deliver OT/ICS/DCS/SCADA-related engagements. The EMEA OT Consultant is a crucial member of our Kudelski Security Advisory team, working closely with and reporting to the Digital Infrastructure & Endpoint Protection practice lead, and ultimately reporting to the Technical Practice Lead.
Responsibilities
Your responsibilities will be to:
- Perform cybersecurity and vulnerability criticality assessments of the OT systems and categorize the risks
- Benchmark the cybersecurity system state as per ISA/IEC 62443 / NIST
- Identify the gaps to reach the desired security level (SL) and recommend the mitigation actions as per the assessment
- Understand the frameworks and recommend applicable controls specific to the environment and systems
- Develop audit reports
- Identify the gaps and coordinate with the stakeholders for closure
- Experience in planning the audit and assessment activities
- Perform the hardening of the OT systems and network
- Liaise with the OT asset owners for implementation activities and site planning for performing these activities
- Perform risk assessments of the implementation activities and identify the mitigation measures for smooth implementation on site
This role involves
- Assisting with the development of Proposals and Statements of Work (SOW) in close collaboration with the sales and pre-sales teams and other advisory team members, working as one team
- Working closely with the rest of the advisory team to deliver consistent outcomes across regions, acting as one team
- Working collaboratively with other BUs and divisions inside Kudelski Security
- Developing and maintaining strong relationships with KS colleagues and the KS clients, contributing to a positive culture of change and innovation
- Developing and maintaining strong relationships with KS clients
Requirements / Profile
You are
- Very knowledgeable about security principles, with firm knowledge of cybersecurity technologies, and holding industry-recognized certifications such as CISSP, CISM, CISA, CEH, GICSP, IEC 62443, etc.
- Experienced with security engineering principles, various cybersecurity assessment methodologies, security control implementation and validation, and system life-cycle practices
- Able to demonstrate advanced knowledge of networks and control systems utilized by critical infrastructure sectors (preferred)
- Able to demonstrate an understanding of business principles and operational security practices specific to engineering and/or security consulting
- Demonstrably knowledgeable about industry good practice, such as IEC 62443 (3-3, 3-2), NIST CSF, NIST 800-82r2, ONG-C2M2, NERC-CIP
- Experienced with physical cabling for network communications and control system input/output
- Knowledgeable about:
  - Security, Orchestration, Automation & Response (SOAR) solutions
  - OT asset inventory with change detection solutions
  - Vulnerability Management solutions
  - Identity and Access Control solutions
  - Zero Trust Security solutions
  - OT network & communications monitoring solutions
  - The Purdue model (ISA95)
- Knowledgeable about cybersecurity controls, specifically those relating to firewalls, identity and access control, authentication and authorization, anti-virus/anti-malware, patch management, network and system hardening, SIEM implementation and/or tuning, and logging
- Knowledgeable about legacy and modern computer networking and telecommunications
You have
- Minimum of a bachelor’s degree in a technical field
- 3+ years of industrial cybersecurity experience
- Additional applicable years of experience may be considered in lieu of degree requirements
- Cybersecurity, Industrial Cybersecurity, Cyber-Physical Systems, Computer Science or Information Systems, Computer Engineering, Electrical Engineering, or another related technical field with appropriate experience
- Control systems from a wide range of vendors (PLC, DCS, SCADA)
- Preferably training/certifications in any of these: ISA 62443, CISSP, GIAC, ICS-CERT, or SANS
- Strong written and oral communication skills
- Strong analytical and critical thinking skills
- Ability to operate under pressure and under tight deadlines, to operate onsite within industrial, corporate, and government work settings
- Ability to present complex technical issues and their impact in an easy-to-understand manner
- Must have effective written/verbal communication skills in English and another European language
Reference: 14305
Publication Date: 02-02-2024