Job Purpose / Objective:
The ICS Cybersecurity Specialist is responsible for the protection, detection, response, and recovery of Industrial Control Systems (ICS) Cybersecurity for Windows-based operating systems and network levels 0 through 3.5, in line with ISA/IEC 62443 standards. The role ensures compliance with company standards for both networked and standalone ICS/OT devices, and develops, enhances, and maintains the ICS Cybersecurity capabilities through the adoption of ISA/IEC 62443 standards and supporting tools (e.g., vulnerability assessment, IPS, SIEM, etc.).
Key Accountabilities:
Routine Duties:
- Establish a comprehensive cybersecurity management system and framework for the organization.
- Develop and implement necessary cybersecurity standards, policies, procedures, and risk assessment frameworks.
- Plan and facilitate internal and external audits to identify ICS cybersecurity gaps and vulnerabilities.
- Manage patch deployment for Windows devices across network levels 0 through 3.5 and standalone devices.
- Identify obsolete operating systems (OS) and plan for necessary upgrades through vendor consultations.
- Consolidate standalone devices (e.g., laptops used for PLC configuration).
- Complete configuration review sheets for workstations, servers, switches, firewalls, and routers in the OT environment for internal ICS audits, correct deficiencies, and document deviation/remediation plans.
- Participate in and document compliance of all OT environment devices with organizational policies and procedures.
- Contribute to the design and implementation of cybersecurity solutions for the OT environment (e.g., SIEM, IPS, ATP).
- Monitor patch deployment, anti-virus, SIEM, IPS, ATP, and related systems, responding to and investigating alerts.
- Perform detailed post-event analysis of cyber incidents and direct necessary incident response actions.
- Conduct in-depth technical analysis of industrial control systems (ICS) and cybersecurity controls.
- Participate in vulnerability assessments and administrative audits on client computer systems and network devices considering the sensitivity of operational technology testing.
- Identify cybersecurity gaps and recommend mitigation strategies.
- Keep up-to-date with cybersecurity capabilities of operating systems, networking devices, control systems, and vendor solutions.
- Stay informed on current and emerging computer/network system technologies, architectures, and products.
- Resolve technical issues with a focus on operational impact and communicate resolutions to OT organizations.
- Secure operational technology networks by designing and implementing appropriate cybersecurity measures.
- Develop and deploy simulated ICS environments within virtual infrastructure.
- Contribute to MOC / PSSR processes.
Policies, Systems, Processes, and Procedures:
- Maintain an understanding of relevant cybersecurity standards, including those related to process networks.
- Provide input to the planning, design, development, and implementation of technical controls, procedures, and policies related to cybersecurity compliance.
- Identify opportunities for continuous improvement in systems, processes, and practices to enhance productivity and operational efficiency.
- Implement all relevant policies, processes, and procedures to ensure work is carried out in a controlled and consistent manner.
Quality, Health, Security, Safety, and Environment:
- Ensure compliance with life-critical procedures, operational tenets, and safety systems, including plant policies and standard operating procedures (SOPs).
- Participate in safety activities, ensuring regulatory, health, safety, security, environmental, and quality compliance.
- Conduct plant walk-downs and audits to ensure safe work practices and effective plant safety systems.
- Participate actively in shift toolbox meetings, Job Safety Analyses (JSAs), and related safety meetings.
- Enforce Stop Work Authority and immediately address unsafe practices.
Reporting:
- Communicate and present technical knowledge to stakeholders effectively.
- Provide training to employees on ICS cybersecurity measures and social engineering risks.
- Prepare timely and accurate reports to meet departmental requirements.
- Keep the supervisor informed of issues requiring additional follow-up.
- Report incidents and near misses, and participate in investigations as required.
Requirements
Qualifications & Experience:
Education:
- Required: Bachelor’s degree in Electrical Engineering, Electronic Engineering, Process Control Engineering, Instrumentation Engineering, Engineering Technology, Physical Engineering, Automation Engineering, Mechatronics Engineering, Cyber and Networking Security, Computer Engineering, or Science majoring in Information Technology.
- Preferred: Master’s degree in Electrical Engineering, Electronic Engineering, Process Control Engineering, Instrumentation Engineering, Engineering Technology, Physical Engineering, Automation Engineering, Mechatronics Engineering, Cyber and Networking Security, or Computer Engineering.
Experience:
- Required: Minimum of 5 years’ experience in control systems engineering, DCS/PLC/SIS support, instrumentation maintenance, or a related operational role in an Oil & Gas or chemical manufacturing environment. At least 3 years of experience in ICS/OT Cyber Security.
- Preferred: Minimum of 7 years’ experience in control systems engineering, DCS/PLC/SIS support, instrumentation maintenance, or a related operational role in Oil & Gas or chemical manufacturing environments. At least 5 years of experience in ICS/OT Cyber Security.
Other Job Specific Requirements:
- Strong experience with Windows OS, Active Directory (AD), GPO, security, and related tools.
- Knowledge of ICS cybersecurity standards, including ISA/IEC 62443.
- Familiarity with system security design, defense-in-depth/breadth, authentication, risk management, incident handling, configuration control, change management, and auditing.
- Experience with cybersecurity vulnerability assessments, penetration testing, and associated tools and techniques.
- Skilled in configuring cybersecurity controls, including firewalls, intrusion detection systems, access control, anti-virus software, patching, and logging.
- Strong technical writing skills and experience with policies, procedures, and documentation.
- Proficiency in network routing, switching, TCP/IP, and physical cabling for network communications and control system I/O.
Preferred Certifications:
- ISA 62443 Level 1/2/3 Certified.
- CISSP (Certified Information Systems Security Professional).
- GICSP (Global Industrial Cybersecurity Professional) Certification.
- CCNA/Network+ Certification.
- MCSE (Microsoft Certified Systems Engineer) Certification.
- Experience with DCS systems such as Emerson, Honeywell, or Yokogawa.
Languages:
- Required: Proficient in English.
- Preferred: Working knowledge of Arabic.