Principal OT Security Consultant

Job description

Founded in 2012, Applied Risk is a well-recognised and respected leader in the Operational Technology (OT) Security space. We have managed to successfully grow the company to over 25 people today, with clients spread across 4 continents: Europe, US, APAC and the Middle East. We are considered a key Cybersecurity player within the Operational Technology industry. We’re helping businesses to protect assets and reduce security risk, providing organisations ranging from Fortune 500 enterprises to small-to-medium sized companies with the services and solutions they need to transform the way they procure, build, integrate and manage their critical infrastructures.

Our key mission is to help our clients to mitigate and defend against cyber threats. Our culture is based on the values of work ethic, keeping promises, safety, curiosity and collaboration. We built a vibrant company culture we believe everyone wants to work in. We trust our employees and empower them to do great things and use good judgement to make decisions on behalf of Applied Risk and for our clients.


The role:

As we are planning to double in size in the coming year due to our healthy expansion plans and the huge increase of our client base, we’re currently growing our OT Security capability globally. In the light of this, we’re urgently looking for a Principal OT Security Consultant, to be based at our HQ in Amsterdam. The Principal Consultant will be part of the Applied Risk Senior Management Team, being a critical member of the company. You will lead both the Consulting and Offensive security capabilities.

We’re looking for someone with solid experience in Critical Infrastructure sectors such as Power, Oil & Gas, Water, Transportation, Manufacturing, Food etc., including experience in a variety of cyber security disciplines like:

  • Industrial Automation and Process Control
  • Enterprise, IT and OT cyber security
  • Industry regulations including IEC 62443, NIST SP800 and other industry standards and regulations
  • Smart Grids and Digital Oilfields

You have:

  • Bachelor’s or Master’s degree in Computer Engineering, Electrical Engineering, Computer Science or a related technical field
  • Minimum of 10+ years of experience in Operational Technology Security
  • Proven experience in performing control systems risk assessments, and security awareness training for systems operators, owners and vendors
  • Knowledge of operational impact analysis workshops and technical trade-off studies against SCADA, PLC and DCS architectures, and associated industrial communication protocols
  • Expertise in developing OT security programs and securing OT network architecture
  • Ability to present technical design proposals and reports to customers and/or other senior engineering, management and government groups in clear, complete, concise and non-ambiguous terms
  • Ability to establish and maintain work relations with clients
  • Ability to conduct and support sales-related BDM activities
  • Excellent leadership skills with ability to direct a team and achieve results while staying on schedule
  • Excellent presentation, written and verbal communication skills; ability to clearly communicate
  • Ability to manage engagements: supporting the delivery, providing direction for team members, and managing other aspects of the project
  • Responsible for managing, mentoring and coaching the team
  • Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action
  • Ability to interact at C-level, as well as with tactical implementers
  • CISSP, GICSP, CISM or CFSE/CFSP certification
  • Fluent language skills in English and preferably in Dutch
  • Willingness to travel for approx. 20% of your time

Applied Risk works with clients that are related to critical infrastructure. A qualified candidate must be able to pass a screening background check.


What we offer:

  • A competitive compensation
  • The chance to work with the best cybersecurity people in the world
  • Work on International assignments
  • Learning and development opportunities, attending conferences, events etc.
  • Be part of a diverse and vibrant international environment
  • Our “thirsty Thursdays” as social activity including movies, pizza, drinks, bar visits
  • “Quarterly” team events

Job requirements

  • Experience with operational technologies such as Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS) and SIS.
  • Experience with major industrial systems such as Emerson, Yokogawa, Honeywell, GE, ABB, Siemens...
  • Fundamental understanding of IT and OT network communication protocols (for example: TCP/IP, UDP, OPC, IEC 101/104, Modbus, IEC 61850, WirelessHART, ISA100)
  • Active participation in design concepts and implementation strategies for various SIS, PLC and DCS systems to guarantee practical implementation of security standards
  • Understanding of contemporary and legacy security technologies used within a particular domain, such as Firewalls, IDS/IPS, Diodes, SIEM
  • Strong knowledge of networking technology (e.g. routers, switches, firewalls)
  • Ability to comprehend the customer’s business environment and suggest OT security solutions that fit it
  • Background in a CNI domain, e.g. transport, energy, utilities, defence or other heavy industry