Senior OT Security Consultant

Founded in 2012, Applied Risk is a well-recognised and respected leader in Cyber Security for the Operational Technology domain. We have managed to successfully grow the company to over 50 people today, with clients spread across all continents. We are considered a key Cyber security player within the Operational Technology industries that are depending on critical infrastructure. We’re helping businesses to protect their assets by reducing security risk. Our key mission is to help our clients to mitigate and defend against cyber threats and as such help society to become safer. We built a vibrant company culture, and as part of the DNV Holding, we believe an inspiring workplace. We trust our employees and empower them to do great things and use good judgement to make decisions on behalf of Applied Risk and for our clients.

The role:

As we are planning to double in size in the coming year due to our healthy expansion plans and the huge increase of our client base, we’re currently growing our OT Security capability globally. In the light of this, we’re looking for a Senior OT Security Consultant, based in the Netherlands or UK, with an option to work remotely. We’re looking for someone with senior experience in Critical Infrastructure sectors, such as Power, Oil & Gas, Water, Transportation, Manufacturing, Food etc. including experience in a variety of Cyber security disciplines like:

• Industrial Automation and Process Control
• Enterprise, IT and OT cyber security
• Industry regulations including IEC 62443, NIST SP800 and other industry standards and regulations
• Smart Grids and Digital Oilfields

You have:

• Bachelor’s or Master’s degree in Computer Engineering, Electrical Engineering, Computer Science or a related technical field
• Minimum of 10+ years’ work experience in Operational Technology Security
• Proven experience in performing control systems risk assessments, and security awareness training for systems operators, owners and vendors
• Knowledge of operational impact analysis workshops and technical trade–off studies against SCADA, PLC and DCS architectures, and associated industrial communication protocols
• Expertise on developing OT security programs, and securing OT network architecture
• Ability to present technical design proposals and reports to customers and/or other senior engineering, management and government groups in clear, complete, concise and non–ambiguous terms
• Excellent presentation, written and verbal communication skills; ability to clearly communicate and have excellent consulting skills
• Ability to manage and mentor a small team of Security consultants
• Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and move swiftly from concepts and theory to action
• Perform presales activities (e.g. proposals, presales calls, RFP responses)
• Ability to interact with high profile clients
• CISSP, GICSP, CISM or CFSE/CFSP certification
• Fluent language skills in English and preferably in Dutch
• Willingness to travel for approx. 20% of your time

Applied Risk works with clients that are related to critical infrastructure. A qualified candidate must be able to pass a screening background check.

What we offer:

• A competitive compensation
• The chance to work with the best cybersecurity people in the world
• Work on International assignments
• Learning and development opportunities, attending conferences, events etc.
• Be part of a diverse and vibrant international environment
• Our “thirsty Thursdays” as social activity including movies, pizza, drinks, bar visits
• “Quarterly” team events

• Experience with operational technologies such as Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS) and SIS
• Experience with major industrial systems such as Emerson, Yokogawa, Honeywell, GE, ABB, Siemens etc.
• Fundamental understanding of IT and OT network communication protocols (For example: TCP/IP, UDP, OPC, IEC 101/104, Modbus, IEC 61850, WirelessHART, ISA100
• Active participation in design concepts and implementation strategies for various SIS, PLC and DCS systems to guarantee practical implementation of security standards
• Understanding of contemporary and legacy security technologies used within a particular domain, such as Firewalls, IDS/IPS, Diodes, SIEM
• Strong knowledge of networking technology (e.g. routers, switches, firewalls)
• Comprehend the customer’s business environment and suggest fit for OT security solutions
• Background in a CNI domain, e.g. transport, energy, utilities, defence or other heavy industry