Senior Cyber Security Engineer

1. Role Objective

• To lead and develop a robust OT Cyber security architecture and system and to provide expert technical knowledge in the identification, monitoring and remedy of cyber security threats to ADDC Operational Technology systems and assets.

• To develop and update OT Cyber security policy procedure, systems and tools

• To ensure compliance to network security guideline specifications, design approach and documents, for project implementation.

2. Key Responsibilities/Accountabilities Growth & Sustainability related :

• Technically support through specialized advice in areas of expertise

• Provide advice and act as first level reviewer of all the work of staff, ensure that they are of appropriate quality and that resources are used effectively and comply with leading practices

• A continous improvement and a change leader.

Customer related:

• Execute all customer facing transactions in line with ADDC strategy resulting in higher satisfaction and timely delivery of services

• Ensure that internal customer needs, problems and requests are recorded and addressed in a timely manner

• Ensure the delivery of a world-class business services experience

Operational Excellence related:

• Support security integration during the development stages of OT Systems (SCADA, ADMS, SCMS, RTU, BCU). software systems, networks etc.

• Identify vulnerabilities and risks in OT hardware and software.

• Ensure security of the OT infrastructure of an organization.

• Build, manage, maintain and monitor all Cyber security systems i.e. DMZ, firewalls etc. into OT network infrastructure as required.

• Identify for attacks and intrusions and plan all prevention and remedial measures.

• Perform Prompt recovery and restoration of the system.

• Perform System monitoring, Administration, Backups and patch management

• Identify potential perpetrators and escalating to senior management or local authorities.

• Keep up to date with the latest security and technology developments.

• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues.

Performance Driven Organization related:

• Ensure that all staff acquire the required skills and knowledge by providing coaching and counselling

• Support in development of policies and procedures for various functions within the Office.

In addition to the above, the incumbent shall also perform all other duties assigned by line manager.

Technical

• Endpoint Protection: McAfee ePO suite, VSE, ENS & Application Control (Whitelisting) Symantec Endpoint Protection (SEPM).

• Microsoft Platform: Active Directory, Group Policy, System Hardening.

• WSUS patch management.

• Backup & Recovery: Acronis, Symantec Backup Exec & SSR, NetBackup etc. Familiar with bare metal backup & recovery. SAN, LTO Tape library setup.

• Network Platform: Firewalls: Cisco ASA, Fortinet, Juniper; Switching & Routing, Network Monitoring using SolarWinds / WhatsUpGold.

• Network architecture design and implementation.

• Virtualization: VMWare ESXi, Hyper-V, high availability.

• Hardware: HP, Dell, SAN, Tape Library.

• Good documentation skills with MS PowerPoint, Excel, and Word.

• Capability in conducting business in English both in speaking and writing.

• Ability to manage a team of engineers.

• Familiarity with available technology in the automation market.

Qualifications & Experience

• Bachelor’s Degree in Electrical/Electronics/Instrumentation and Control/Computer Science

• Master's Degree in Cyber Security

Preferred Experience:

• Minimum 8 years of Experience in managing Cyber Security of Operational Technology Systems (SCADA, RTU, SCMS, DCS, ESD) in large Utilities or Oil and Gas facilities.

• Professional Information & Cyber Security certification (such as CIA, CISA, CISSP, or CISM) desirable.

• Extensive domain knowledge and expertise in Industrial Control and Safety systems.

• Well versed with frameworks such as NIST-CSF, ISO27k, IEC62443.

• Certifications preferred (e.g. SANS GICSP of ISA Cybersecurity Related Certification.