Saudi Aramco
This job is closed

ICS Cybersecurity Specialist

Job Description and Requirements

As the successful candidate, you will hold a bachelor’s degree in Computer Science, Computer Engineering, or an equivalent degree from a recognized and approved program. An advanced degree is preferred in a related Computer Science, Cybersecurity, Autonomic Computing, or Data Informatics field. 

You will have at least 10 years of experience in IT, including at least 5 years in ICS/OT related to incident monitoring and response.

Technical skills
Have hands-on experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, RTUs, HMI, and Distributed Control Systems (DCS). 

Well-versed in various control frameworks, including: IEC 62443, NERC CIP, and NIST.

Fundamental understanding of IT and OT network communication protocols (e.g., TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.).

Familiarity with Unix and Windows operating systems and administrative tools.

Ability to document and explain technical details in a concise and understandable manner.
Self-motivated and results focused with an ability to strengthen the team and its mission.

Global Industrial Cybersecurity Professional (GICSP), Certified SCADA Security Architect (CSSA), or Certified Information Systems Security Professional (CISSP) certifications are a plus.

Nontechnical skills

Technical writing and reporting

Verbal and nonverbal communication

Presentation and information delivery

Time management and prioritization

Duties & Responsibilities:
You will be required to perform the following: 

  • Act as a subject matter expert (SME) on ICS matters.
  • Conduct log analysis, and host and network analysis, in support of incident response investigations. 
  • Work with IT and OT client staff to conduct thorough investigations and implement effective remediation strategies.
  • Recognize attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied in current and future investigations.
  • Hunt for active threats and malicious activity within control systems and identify possible attack vectors.
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
  • Conduct tabletop exercises based on firsthand knowledge of real-world attacks to help organizations better prepare for future attacks.
  • Effectively communicate investigative findings and strategy to client stakeholders, including technical staff, executive leadership, and legal counsel.