Principal OT Cyber Security Engineer

Job Description

Bilfinger UK is a leading engineering and maintenance provider, supporting customers across the chemical & petrochemical, nuclear, oil & gas, pharmaceuticals & biopharma, power & energy, utilities, renewables and food & beverage markets. We enhance the efficiency of assets, ensuring a high level of availability and reducing maintenance costs. We have extensive experience in offshore and onshore facilities, specialising in asset management services throughout all life cycle phases from consulting, engineering, manufacturing, assembly, operations, maintenance, and decommissioning. This commitment is delivered by an experienced and highly competent workforce of over 4,500 employees operating from 14 offices in strategic industrial hubs, upholding the highest standards of safety, compliance and quality.

Role:

As part of our continued growth in OT Cyber Security, we are looking for an experienced, committed and enthusiastic Principal OT Cyber Security Engineer to join our Automation team. The Principal OT Cyber Security Engineer will:

• Lead OT cyber security project lifecycle activities to deliver secure by design Industrial Automation and Control Systems
• Be responsible for developing and supporting the growth of our OT cyber security consultancy services
• Manage continuous improvement of Bilfinger UK\'s OT Cyber Security Management System (CSMS)

The Principal OT Cyber Security Engineer will take full responsibility for the successful delivery of cyber security projects (technical, quality, time and cost elements).

The ideal candidate will demonstrate a growth mindset, bring innovative and bleeding edge solutions to address complex challenges and have the ability to develop new ideas, processes and systems in an evolving OT cyber security landscape.

Key Activities:

Working co-operatively with the OT Cyber Security Manager, Technical Managers, Project Managers and engineering teams across a variety of Automation projects you will:

• Lead OT cyber security project lifecycle activities to deliver secure by design IACS
• Facilitate and conduct ISA-62443-3-2 based cyber security risk assessments to define risk based OT cyber security requirements
• Create defence in depth, segmented system architectures
• Develop secure by design IACS to meet client requirements including documenting OT cyber security requirements and specifications
• Implement OT cyber security controls and countermeasures including:
• Hardening of BIOS/UEFI, virtual environments and operating systems to recognised industry standards, guidelines and best practices
• Network security including segmentation and boundary protection through managed switches, firewalls and remote access solutions e.g. Stratix, Fortinet etc.
• Cyber security applications for industrial control system environments:
• Host Intrusion Detection (HIDS)
• Malware detection and protection i.e. Endpoint Detection and Response (EDR)
• Network Intrusion Detection (IDS)
• Network monitoring
• Security Information and Event Management (SIEM)
• Support Project Managers with the planning and execution of OT cyber security aspects of projects to ensure they meet the time, cost and quality required by our clients

• Responsible for developing and supporting the growth of our OT cyber security consultancy services by:
• Evaluating new OT cyber security consultancy offerings and establishing our approach
• Conducting OT cyber security gap assessments of procedural and technological controls against relevant frameworks and standards such as the Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), ISA / IEC 62443 suite, OG86 etc.
• Carrying out a wide variety of site and desktop based vulnerability assessments on clients\' brown field IACS
• Support clients in the creation and development of their own CSMS artefacts including policies, procedures, guidelines, specifications and work instructions

• Manage continuous improvement of Bilfinger UK\'s OT Cyber Security Management System
• Support further development of cyber security documentation including policies, procedures and specifications
• Grow out OT cyber security partner ecosystem
• Ensure policies, procedures and specifications are being followed on projects by providing OT cyber security technical supervision and quality assurance through project surveillance (e.g. design review, informal audits)
• Promote and maintain high level of security hygiene within Bilfinger UK Automation department
• Promote and facilitate OT cyber security knowledge sharing and learning from experience through, for example, internal training, lunch and learns, standardisation, best practices etc.
• Attend and represent Bilfinger UK at industry OT cyber security groups and events
• Contribute to the continuous professional development of the team by providing technical leadership and mentoring of junior engineers
• Support Business Development team on opportunities including at client meetings, presentations/demonstrations, solutions optioneering etc.
• Support Proposals team on technical solutions optioneering, bid production and technically reviewing bids
• Help develop and foster relationships and partnerships with control system OEM/vendor OT cyber security teams and OT cyber security solution providers
• Provide health and safety leadership by example

Skills & Experience:

• At least 5 years of practical engineering experience in the application of OT cyber security to PLC, DCS, RTU, SCADA and HMI systems in at least one of Bilfinger UK\'s key sectors.
• Experience of the design, specification, implementation, testing and commissioning of security solutions, controls and countermeasures for OT/IACS environments. This should include:
• Hardening of BIOS/UEFI, virtual environments and operating systems to recognised industry standards, guidelines and best practices
• Network security including segmentation and boundary protection through managed switches, firewalls and remote access solutions e.g. Stratix, Fortinet etc.
• Cyber security applications for industrial control system environments:
• Host Intrusion Detection (HIDS)
• Malware detection and protection i.e. Endpoint Detection and Response (EDR)
• Network Intrusion Detection (IDS)
• Network monitoring
• Security Information and Event Management (SIEM)
• Practitioner of the ISA/IEC 62443 suite of standards, with particular focus on -2-1, 2-4, 3-2 and 3-3.
• Experience working in or for System Integrator, Operators of Essential Services (OES) or Critical Infrastructure (CNI) organisations
• Broad technical knowledge of a variety of control system Original Equipment Manufacturers (OEMs) e.g. AVEVA, Rockwell Automation, Siemens, Schneider etc.
• Experience of industrial networking protocols e.g. CIP, DNP3, Modbus, PROFINET, IEC 61850, PRP, REP
• Experience of working within and supporting the continuous improvement of a Quality Management System (QMS)

Qualifications:

• A degree or HND/HNC in Electronic/Electrical Engineering, Computer Science or other relevant engineering discipline
• Professionally registered engineer or working towards professional registration
• Relevant OT cyber security certification e.g.:
  • ISA/IEC 62443 Cyber Security Expert
  • Global Information Assurance Certification (GIAC) Global Industrial Cyber Security Professional Certification (GISCP)

If you wish to speak to a member of the recruitment team, please contact 01224 246246.

Bilfinger UK Limited

Engineering

Permanent

Professional

Bilfinger Engineering