Cybersecurity SME

Your Tasks:

Job Title: OT Cybersecurity Auditor/Assessor

Required Experience: 8-10 years of relevant experience in OT/ICS cybersecurity auditing and assessment

Key Responsibilities (KPI/KRA's):

• Conduct comprehensive OT cybersecurity audits, risk assessments, and compliance evaluations across industrial environments
• Perform vulnerability assessments and security gap analysis for OT systems including SCADA, DCS, PLC, and IIoT platforms
• Review and assess OT asset inventories, network architectures, and security controls for compliance with industry standards
• Evaluate OT/ICS environments against IEC 62443, NIST 800-82, ISA/IEC 62443, and other regulatory frameworks
• Assess secure remote access implementations, network segmentation, and DMZ architectures in OT environments
• Analyze OT security monitoring practices, incident response procedures, and threat detection capabilities
• Review patch management processes, vulnerability prioritization approaches, and compensating controls
• Evaluate IT-OT integration security, firewall policies, and network security controls
• Prepare detailed audit reports, assessment findings, and actionable remediation recommendations
• Conduct security assessments of OT protocols (Modbus, OPC, DNP3, etc.) and industrial control systems
• Review and assess OT cybersecurity policies, procedures, and operational documentation
• Provide expert guidance on OT security best practices and compliance requirements
• Support clients in developing cybersecurity roadmaps and improvement plans
• Willing to work in plant environments for on-site assessments and open to travel as per business requirements

Required Skills:

• Assessment & Auditing Expertise:
  • Strong experience in OT/ICS security assessments and compliance audits
  • Proficiency in vulnerability assessment methodologies and risk-based prioritization
  • Experience with security architecture reviews and gap analysis
• OT Domain Knowledge:
  • In-depth understanding of OT protocols (Modbus, OPC, DNP3, Profinet, etc.)
  • Hands-on knowledge of industrial platforms: Siemens SIMATIC, Mitsubishi, Allen-Bradley PLCs
  • Good understanding of SCADA, DCS, PLC architectures and operations
  • Knowledge of IIoT security and IoT systems in industrial environments
• Security Standards & Frameworks:
  • Strong knowledge of IEC 62443, NIST 800-82, and ISO 27001/27002
  • Understanding of ISA/IEC 62443 certification requirements
  • Familiarity with industry-specific compliance requirements
• Technical Knowledge (Beneficial):
  • Understanding of OT security tools (Nozomi/Claroty/Dragos) for assessment purposes
  • Knowledge of firewall configurations (Palo Alto, Fortinet) and network segmentation
  • Familiarity with OT DMZ architecture in brownfield & greenfield projects
  • Experience with asset discovery and configuration management assessment
• Security Operations Understanding:
  • Knowledge of OT SOC operations, SIEM, and IDS/IPS implementations
  • Understanding of incident response frameworks for OT environments
  • Familiarity with threat detection and IOC analysis in industrial settings
• Certifications (Preferred):
  • GICSP (Global Industrial Cyber Security Professional)
  • CISSP, CEH, or equivalent
  • ISA/IEC 62443 Cybersecurity Expert/Specialist

Behavioral Competencies:

• Excellent communication and report writing skills in English
• Strong analytical and critical thinking abilities
• Attention to detail with systematic assessment approach
• Ability to collaborate effectively with IT, OT, and operations teams
• Client-focused mindset with consulting aptitude
• Adaptability to diverse industrial environments
• Continuous learning mindset to stay updated with evolving OT threats and standards

Your Qualifications:

Education Qualification: Bachelor's degree in Computer Science, Information Security, or a related field