OT Cyber Security Analyst

UKAEA's mission is to lead the delivery of sustainable fusion energy and maximise scientific and economic impact. The Computing Division underpins this mission by delivering secure, scalable, and innovative digital solutions across scientific computing, modelling, simulation, software engineering, business systems, data acquisition, and core IT services. Within the Computing Division, the Enterprise Infrastructure Solutions unit is responsible for the design, delivery, and management of centrally supported IT infrastructure and applications. This includes enterprise compute platforms, data networks, UNIX/Linux/Windows environments, cloud services, data centres, commercial software solutions, and end–user support across all UKAEA sites. The OT Security Specialist will lead the development and maturation of UKAEA's Operational Technology (OT) security capability as part of a greenfield security programme. This includes defining and implementing an OT Security Strategy, developing policies and standards, and introducing appropriate security controls across OT environments. You will provide technical and governance oversight of OT security, ensuring alignment with industry frameworks (IEC 62443, NIST CSF, CAF, ISO 27001) and with enterprise cyber security objectives. The role will combine hands–on implementation, strategic oversight, and the creation of governance artefacts. You will also engage with engineering teams and managed service providers (MSPs) to ensure that OT security controls are effectively designed, implemented, and sustained. Experience with SIEM/SOC integration is valuable and considered desirable.

• Lead the design and delivery of the OT Security Strategy, policies, and standards.
• Define governance processes for OT security, ensuring alignment with enterprise security frameworks.
• Conduct OT risk assessments and gap analyses against recognised standards (IEC 62443, NIST CSF, CAF).
• Identify, prioritise, and oversee the implementation of security controls across OT systems and networks.
• Provide technical oversight and assurance when engaging with MSPs and third–party vendors.
• Collaborate with enterprise security teams to align OT security with broader cyber programmes.
• Support OT incident response activities, including escalation paths to SOC teams where relevant.
• Mentor and support junior team members in OT security concepts and practices.
• Track and report on OT security maturity progress against roadmap milestones.

None

Essential

• Demonstrable experience in maturing OT security within ICS or critical infrastructure environments.
• Proven ability to create and implement OT security strategies, policies, and standards.
• Strong knowledge of OT security frameworks and standards (IEC 62443, NIST CSF, CAF, ISO 27001).
• Experience conducting OT security risk assessments, gap analysis, and remediation planning.
• Knowledge of OT networks, segmentation, and common industrial protocols.
• Experience working with operations and engineering teams in OT environments.
• Ability to provide technical oversight for MSPs or third–party security service providers.
• Strong communication and documentation skills, particularly in policy/standards creation.
• Eligible for SC–level national security clearance.

Desirable

• Familiarity with SIEM/SOC integration for OT environments.
• Experience with OT asset discovery, monitoring, and security tool deployment.
• Exposure to regulatory compliance in critical infrastructure (e.g., NIS Directive, UK CAF).

• May be requested to represent the Group in OT security working groups, act as an SME in OT–related projects, and contribute to the development of internal security capability through training and mentoring.

Rullion celebrates and supports diversity and is committed to ensuring equal opportunities for both employees and applicants.