Principal OT Security Consultant

Founded in 2012, Applied Risk is a well-recognised and respected leader in Cyber Security for the Operational Technology domain. We have managed to successfully grow the company to over 50 people today, with clients spread across all continents. We are considered a key Cyber security player within the Operational Technology industries that are depending on critical infrastructure. We’re helping businesses to protect their assets by reducing security risk. Our key mission is to help our clients to mitigate and defend against cyber threats and as such help society to become safer. We built a vibrant company culture, and as part of the DNV Holding, we believe in an inspiring workplace. We trust our employees and empower them to do great things and use good judgement to make decisions on behalf of Applied Risk and for our clients.

The role:

As we are planning to double in size in the coming year due to our healthy expansion plans and the huge increase of our client base, we’re currently growing our OT Security capability globally. In the light of this, we’re looking for a Principal OT Security Consultant, based in the Netherlands or the UK, with an option to work remotely. The Principal Consultant will play a critical role in our growth plans and ambitions. We’re looking for someone with solid experience in Critical Infrastructure sectors, such as Power, Oil & Gas, Water, Transportation, Manufacturing, Food etc. including experience in a variety of Cyber security disciplines like:

• Industrial Automation and Process Control
• Enterprise, IT and OT cyber security
• Industry regulations including IEC 62443, NIST SP800 and other industry standards and regulations
• Smart Grids and Digital Oilfields

You have:

• Bachelor’s or Master’s degree in Computer Engineering, Electrical Engineering, Computer Science or a related technical field
• Minimum of 15+ years in experience in Operational Technology Security
• Proven experience in performing control systems risk assessments, and security awareness training for systems operators, owners and vendors
• Knowledge of operational impact analysis workshops and technical trade–off studies against SCADA, PLC and DCS architectures, and associated industrial communication protocols
• Expertise on developing OT security programs, securing OT network architecture
• Ability to present technical design proposals and reports to customers and/or other senior engineering, management and government groups in clear, complete, concise and non–ambiguous terms
• Ability to establish and maintain work relations with clients
• Ability to conduct and support sales related –BDM activities
• Excellent leadership skills with ability to direct a team and achieve results while staying on schedule
• Excellent presentation, written and verbal communication skills; ability to clearly communicate
• Ability to manage engagements, you support the delivery, provide direction for team members, and manage other aspects of the project.
• Responsible for managing, mentoring and coaching the team
• Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and move swiftly from concepts and theory to action
• Ability to interact at C-level, as well as with tactical implementers
  CISSP, GICSP, CISM or CFSE/CFSP certification
• Fluent language skills in English and preferably in Dutch
• Willingness to travel for approx. 20% of your time

Applied Risk works with clients that are related to critical infrastructure. A qualified candidate must be able to pass a screening background check.

What we offer:

• A competitive compensation
• The chance to work with the best cybersecurity people in the world
• Work on International assignments
• Learning and development opportunities, attending conferences, events etc.
• Be part of a diverse and vibrant international environment
• Our “thirsty Thursdays” as social activity including movies, pizza, drinks, bar visits
• “Quarterly” team events

• Experience with operational technologies such as Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS) and SIS.
• Experience with major industrial systems such as Emerson, Yokogawa, Honeywell, GE, ABB, Siemens...
• Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, OPC, IEC 101/104, Modbus, IEC 61850, WirelessHART, ISA100
• Active participation in design concepts and implementation strategies for various SIS, PLC and DCS systems to guarantee practical implementation of security standards
• Understanding of contemporary and legacy security technologies used within a particular domain, such as Firewalls, IDS/IPS, Diodes, SIEM
• Strong knowledge of networking technology (e.g. routers, switches, firewalls)
• Comprehend the customer’s business environment and suggest fit for OT security solutions
• Background in a CNI domain, e.g. transport, energy, utilities, defence or other heavy industry