Cybersecurity Engineer

Empower, Connect, Evolve, and Inspire - these are the values that drive us and make BMI a company where you can thrive and grow.

Working onsite at one of Standard Industries operating companies (OpCos), BMI in Reading, the Cybersecurity Engineer will play a crucial role in securing our IT infrastructure, focusing on both IT and Operational Technology (OT) security. Responsible for maintaining existing security tools ensuring the security and resilience of our IT environment, whilst also building a good understanding of OT security tooling and principles. Will actively contribute to architecture review boards, provide expert advice for projects, and assess and implement IT security tooling to enhance our overall security posture.

• Security Management and Maintenance: Maintain and manage security technology in line with Standard Industries' security standards. This includes conducting regular assessments of security technology configurations and proactively responding to identified cybersecurity threats.
• Security Leadership and Consultation: Act as the technical security lead for all projects related to security or requiring security input. Provide expert guidance on the configuration and best-practice use of security technologies to internal teams.
• Solution Implementation and Evaluation: Collaborate with internal teams and external vendors to evaluate and implement effective new security solutions.
• Continuous Improvement: Stay informed on emerging technologies and trends within cybersecurity tooling to ensure continuous improvement of security posture.
• OT Security Assessment and Enhancement: Collaborate with OT teams to assess and enhance the security of operational technology systems.
• Tooling Evaluation and Configuration: Continuously evaluate OT security tooling and configuration to provide the best protection of critical infrastructure.
• Guidance and Collaboration: Provide assistance and guidance on securing OT assets and networks in collaboration with OT engineering team.
• Policy and Standards Adherence: Ensure all OT security practices and configurations adhere to relevant internal security policies and industry standards (e.g., NIST, IEC 62443).
• Actively participate in architecture review boards for IT and OT projects.
• Review and assess proposed solutions for security vulnerabilities.
• Provide recommendations to ensure projects align with security best practices.
• Offer expert advice on security architecture for IT related projects.
• Work closely with project teams to integrate security requirements seamlessly.
• Ensure adherence to security policies and standards during project development.
• Where required, support incident response efforts, including analysis and mitigation.
• Work with cross-functional teams to develop and enhance incident response plans.
• Conduct post-incident reviews to improve response capabilities.
• Maintain accurate documentation of security configurations and procedures.
• Generate reports on security metrics including risk.
• Contribute to the development of general security documentation and run books.

• 5-10 years’ work experience in IT Security engineering.
• Knowledge of common information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST.
• Strong knowledge of network security, operating systems, databases, web applications, and cloud computing.
• Strong understanding of security technologies, such as firewalls, intrusion detection/prevention systems, SIEM, antivirus, and data loss prevention.
• Experience with security assessment tools and techniques, including vulnerability scanning and penetration testing.
• Proven experience as an IT Security Engineer with exposure to OT security.

• Excellent written and spoken communication skills.
• Comfortable and effective in building partnerships with organizational leaders and influencing senior management.
• Be able to deliver to deadlines and manage expectations professionally.
• Ability to work collaboratively and effectively with a cross-section of the Information Technology team and business organizations to implement information security standards and initiatives.

• Ideally have experience with OT security tools and technologies.
• Excellent communication and collaboration skills.
• Ability to provide clear and actionable security recommendations.
• Project management skills with the ability to balance multiple priorities.
• Familiarity with MITRE ATT&CK and D3FEND.
• Experience working in an IT organization with global operations.
• Experience working in a shared services IT model.