Operational Technology (OT) Security Lead

  • Developing expertise and best practices with regard to the security of the OT networks at SCK CEN
  • Animating a security community of OT network owners and operators
  • Supporting the OT network owners regarding the implementation of the SCK CEN information security policy
Apply now
Engineering

Developing the security of SCK CEN's Operational Technology (OT) networks

SCK CEN is a world leader in nuclear research, training and services. Due to the criticality of its facilities, as well as the value of its intellectual property, SCK CEN is exposed to both general and targeted cyber threats. In order to increase our resilience, the Information Security Office (ISO) has established a policy for identifying and preventing threats, as well as timely detection, response and recovery.

However, in addition to the classic IT infrastructure, SCK CEN has also a lot of Operational Technology (OT). The increasing digitalisation of OT, and the interaction between OT and IT increases OT's exposure to cyber attacks. This increases the security risk for OT networks.

The OT Security Engineer is the bridge between ISO/IT and the OT network owners for OT network security.

More specifically, in this role you will:

  • In order to assist OT network owners in their information security risk management through the definition of best practices and technical solutions for reducing security risks:
    • Finalize network zone documentation
    • Perform information security risk assessments and determine risk reduction measures  
    • Define and implement OT security road maps
    • Identify and handle information security incidents
  • Form and facilitate an OT security community which shares expertise, experience, and best practices in order to improve OT security; you will establish the necessary governance and monitoring required to enhance cyber resilience in an effective manner and improve efficiency in interaction with IT, ISO, and other expert groups
  • Translate the general security policy into processes and instructions which can be used by the OT network owners as a basis for network-specific measures
  • Assist the Information Security Office (ISO) in aligning information security policies and risk management with the specific needs of the OT networks.

To join this frontier, you'll need

  • Master's degree in industrial sciences or engineering, preferably in automation, electrical engineering or computer science
  • Several years of experience in one or more areas of IT security, or experience concerning the security of OT/ ICS environments is desired
  • A broad view of information security and OT Security in all its facets (policies, risk management, threats, network security, tools, etc.) with sufficient depth to understand domain experts and evaluate their approaches and practices in a critical manner
  • Knowledge of risk management
  • Knowledge of some security standards (IEC 62433, NIST SP 800-82, ISO 2700x, IAEA NSS-17(-T)) will be an asset
  • Knowledge of typical OT threats and weaknesses and knowledge of typical OT security tools
  • Knowledge of cybersecurity in an GxP environment will be a plus
  • Ability to build, motivate and manage a community without having any hierarchical responsibility over it.
  • Able to think in "corporate" terms and build a rapport with internal stakeholders
  • Able to communicate ideas and convey technical knowledge clearly in "business" language to management and other stakeholders
  • A positive can-do mentality focused on achieving goals and working out solutions in collaboration with your stakeholders
  • Problem-solving capacity and able to take the initiative
  • Skilled in project management
  • Proficient with MS-Office (templates, macros, etc.) and reporting tools

Deadline

Contact
Evi Belmans
evi.belmans [at] sckcen.be