Company: Saudi Aramco
Skills: IT - Analysis & Management
Experience: 10 + Years
Education: Bachelors/3-5 yr Degree
Employment Type: Full Time Salaried Employee
Location: Dhahran, Eastern Province, Saudi Arabia
No location/work authorization restrictions found.
Req Number: 17384BR
We are seeking an ICS Cybersecurity Specialist to join the Security Intelligence Center Division (SICD) of the Information Protection Department (IPD).
The Security Intelligence Center Division is responsible for providing the defense of Saudi Aramco systems and networks against worldwide adversaries. In addition, with the continued evolution of SICD and the need for adapting to the emerging adversaries/APT groups, dynamic threat landscape, and increased regional and global risk, SICD requires individuals with data science and cybersecurity experience and expertise.
Your primary role is to identify, analyze, and assess ICS cybersecurity defense-related problems and provide solutions as the ICS Cybersecurity Specialist technical lead and subject matter expert. You will protect industrial networks and ICS/SCADA systems. You will combine industry-leading security technologies and intelligence to deliver incident monitoring, response, and threat modeling for Saudi Aramco within the Industrial Control Systems space.
The risk profile of controls systems is continually changing as Operational Technology (OT) and IT networks become increasingly interconnected. The changing risk profile increases Saudi Aramco's need to assist in preventing, detecting, responding to, and recovering from cybersecurity incidents involving control systems. Additionally, the role includes exposing threats targeting power plants and other control systems. Be part of team to develop innovative analytics for detection, support investigations, and incident response solutions.
As the successful candidate, you will hold a bachelor's degree in Computer Science, Computer Engineering, or an equivalent degree from a recognized and approved program. An advanced degree is preferred in a related Computer Science, Cybersecurity, Autonomic Computing, or Data Informatics field.
You will have at least 10 years of experience in IT, including at least 5 years in ICS/OT related to incident monitoring and response.
Have hands-on experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, RTUs, HMI, and Distributed Control Systems (DCS).
Well-versed in various control frameworks, including: IEC62443, NERC CIP, and NIST.
Fundamental understanding of IT and OT network communication protocols (e.g., TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.).
Familiarity with Unix and Windows operating systems and administrative tools.
Ability to document and explain technical details in a concise and understandable manner.
Self-motivated and results focused with an ability to strengthen the team and its mission.
Global Industrial Cybersecurity Professional (GICSP), Certified SCADA Security Architect (CSSA), or
Certified Information Systems Security Professional (CISSP) Certifications a plus.
Technical writing and reporting
Verbal and nonverbal communication
Presentation and information delivery
Time management and prioritization
Duties & Responsibilities:
You will be required to perform the following:
Act as a subject matter expert (SME) on ICS matters.
Conduct log analysis, and host and network analysis, in support of incident response investigations.
Work with IT and OT client staff to conduct thorough investigations and implement effective remediation strategies.
Recognize attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied in current and future investigations.
Hunt for active threats and malicious activity within control systems and identify possible attack vectors.
Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
Conduct tabletop exercises based on firsthand knowledge of real world attacks to help organizations better prepare for future attacks.
Effectively communicate investigative findings and strategy to client stakeholders, including technical staff, executive leadership, and legal counsel.