Saudi Aramco
This job is closed

ICS Cybersecurity Specialist

Job Description and Requirements

As the successful candidate you will hold a bachelor’s degree in electrical engineering, computer engineering, or computer science from a recognized and approved program. An advanced degree is preferred. 

You will have 10 years’ experience in information security, including at least 5 years in ICS cybersecurity.

You must have ample experience in industrial cybersecurity standards and guidelines such as ISA 99 (IEC 62443), C2M2, API 1164, IEC 61850, and NIST 800-82.

You must have extensive experience in information security risk management frameworks, such as ISO 27005 and NIST 800-30/39, and risk analysis methods such as ISF IRAM, FAIR, or OCTAVE.

You will have the ability to secure major ICS vendors’ systems such as Honeywell, Yokogawa, Siemens, Invensys Foxboro, Emerson, etc.

You must have experience of ICS/SCADA product quality security assurance assessments and reviews.

You must have excellent experience in ICS secure systems development methodology such as ISASecure.

You will be able to demonstrate knowledge and experience in working with IT GRC solutions such as Archer.

Duties & Responsibilities:
You will be required to perform the following: 

  • Create, lead, conduct, and track cybersecurity risk assessments of ICSs, to include all cyber assets, such as distributed control systems (DCSs), human-machine interfaces (HMIs), programmable logic controllers (PLCs), remote terminal units (RTUs), and supervisory control and data acquisition (SCADA) systems.
  • Understand and explain risks and exposure to ICS environments.  
  • Conduct risk and threat research, keeping current with the evolving ICS threat landscape.
  • Understand and incorporate ICS risk assessment reports into ICS risk registers.
  • Work with SMEs to gauge viability and sufficiency for proposed mitigations and remediation, ensuring risks will be reduced to accepted levels prior to implementation.
  • Research and contribute to industry best practices. Develop, deploy, and train personnel on internal ICS security standards based on NIST 800-82, ISA99, and other industry-specific security standards.  
  • Perform security practices assessments to assess the ability of ICS/SCADA suppliers to meet ICS/SCADA security requirements for protecting Saudi Aramco plants' ICS/SCADA systems, and manage identified risks.
  • Monitor ICS/SCADA supplier adherence to Saudi Aramco ICS/SCADA security requirements. 
  • Perform ICS/SCADA product quality security assurance assessments and reviews against ICS/SCADA vendors to ensure security requirements are addressed. 
  • Record flaws or security weaknesses identified during the security testing and security assurance reviews to be resolved.