Cyber Security Analyst, OT

The Cyber Security Analyst – OT Estate will play a pivotal role in ensuring the secure design, configuration, and operation of the organisation’s Operational Technology (OT) environment. Working as part of the Cyber Security Team, this individual will collaborate closely with Engineering and Operations teams to embed secure-by-design principles into all aspects of OT architecture and implementation, safeguarding industrial systems against evolving cyber threats. The role requires deep technical knowledge of OT cyber security practices and the ability to influence secure practices across complex environments.

This role offers the opportunity to make a significant impact on the organisation's security posture across the extensive OT estate. 

• Work collaboratively with Engineering and OT teams to ensure secure-by-design principles are embedded into all OT systems, including ICS/SCADA, PLCs, DCS, and associated networks.
• Conduct security reviews of OT system architectures and configurations, ensuring alignment with industry standards and internal security policies.
• Provide expert cyber security guidance across OT projects, upgrades, and lifecycle management activities.
• Validate and oversee secure configuration baselines for OT hardware and software.
• Develop, implement, and maintain OT-specific cyber security policies, procedures, and technical controls.
• Support risk assessments and threat modelling activities for the OT estate.
• Assist in monitoring, detecting, and responding to cyber threats within the OT environment.
• Contribute to the development and integration of OT cyber incident response plans.

Foster strong working relationships with internal teams, third-party vendors, and other key stakeholders to promote a culture of cyber resilience.

Experience:

• Minimum of 3 years in a cyber security or engineering role with a focus on OT environments.
• Hands-on experience with securing OT/ICS/SCADA systems and understanding of OT protocols (e.g., Modbus, DNP3, OPC, Profinet).
• Demonstrated involvement in securing critical infrastructure or industrial systems.
• Familiarity with NIS/NIS2 Directive, ISA/IEC 62443, NIST CSF or similar regulatory frameworks.

Essential Skills:

• Strong understanding of OT-specific security challenges, including system segregation, network zoning, and legacy system risks.
• Knowledge of secure system design principles applied within industrial control environments.
• Ability to interpret and apply cyber security standards in real-world OT scenarios.
• Excellent communication skills with an ability to influence and engage diverse technical and non-technical stakeholders.
• Strong analytical and problem-solving capabilities in complex technical environments.

Desirable Skills:

• Experience with industrial network monitoring and threat detection tools (e.g., Nozomi, Dragos, Claroty).
• Exposure to asset discovery and vulnerability management tools for OT environments.
• Understanding of convergence challenges between IT and OT networks.
• Experience participating in cyber incident investigations affecting OT environments.

Education:

• Degree in Cyber Security, Engineering, Industrial Automation, or a related field (or equivalent professional experience).

Industry-recognised certifications are advantageous (e.g., GICSP, ISA/IEC 62443 Cybersecurity Certificate, CISSP, CompTIA CySA+ or Security+).