Plant Computing Security Specialist – PCSS
 
Risktec Solutions Ltd is an established, independent engineering and risk management consultancy. We help clients to manage health, safety, security, environmental (HSSE) and business risk in sectors where the impact of loss is high. Our people are high calibre and motivated professionals, with a clear focus on meeting clients’ expectations.
We are seeking highly motivated and dynamic individual with Security Computing and Software experience and a background in Control and instrumentation systems engineering or software engineering to manage the security aspects of a Plant Computer Systems, including computer-based systems Important to Safety (CBSIS) and non-CBSIS Plant Computer Systems.
We have an opportunity for a practitioner in OT (Operational Technology) cyber security to join the Engineering department of a client’s power station to drive plant computing security governance through the implementation of company policy, technical standards and regulatory requirements.
 
The station uses programmable and configurable microprocessor based systems for monitoring and control. The security of these systems or devices is important for the continued safe and reliable operation of site processes involved in nuclear power generation, supporting the nation’s critical infrastructure.
 
This role would suit a candidate who is looking to develop their career and who shows an aptitude for learning and a desire to become a subject matter expert and a source of technical expertise, supporting different teams with their security governance compliance.
 
 
What you’ll be doing
Reporting to the Cyber Security Site Lead, you can expect to use your skills and experience to:

• Ensure that cyber security risks to OT assets are captured through a continual risk management process, working with system owners to actively manage residual risks.
• Maintain the station asset inventory and risk register to track actions and report progress.
• Carry out malware checks in line with established procedures.
• Administer computer based security and monitoring systems.
• Carry out software or configuration backups of IT and OT equipment ranging in age.
• Participate in cyber incident response planning, exercising and digital forensic investigation.
• Ensure station documentation and network diagrams are maintained and accurately reflect design and configuration changes for new connections.
• Maintain awareness of current cyber security threats and vulnerabilities facing the industry or station OT assets. Provide advice on practical mitigations proportional to the risk.
• Contribute to new initiatives making use of technological developments to improve security and work closely with counterparts within the fleet to share information and experience.
• Produce and communicate learning briefs for user awareness, deliver training as required to educate and improve the security culture at all levels.
• Interface with NCSC and ONR, hosting security inspections as directed by the regulator.
• Handle and appropriately protect sensitive or restricted information.

 
Who you are
We welcome your application for the role if you have experience in cyber security and how this applies to OT systems in an industrial environment. Applicants should have a relevant HNC or degree qualification and possess the following knowledge and expertise such as:
 An understanding of relevant industry security standards and frameworks such as IEC 62443, ISO 27001 or NIST 800.

• Working knowledge of typical OT plant computing such as ICS, SCADA, DCS, PLC, HMI and smart instruments.
• Experience of both modern and legacy computer systems, with a breadth of hardware and software technical skills. Familiarisation with all types of storage media and digitisation thereof, including EPROM programming.
• An understanding of network security principles, aware of DMZ architecture for securing cross domain communication and know about industrial protocols such as serial, Modbus, OPC and HART. Experience configuring switches, routers and firewalls is advantageous.
• Lead by example demonstrating good digital hygiene practices and be able to assess both standard and unconventional devices for malware.
• A high level of attention to detail and good record keeping.
• Ability to work on your own initiative, build effective relationships with system owners and clearly communicate technical security concepts in simpler terms.
• Hold or be able to attain professional certifications such as CISSP, GICSP or CCNA.
• Hold or be able to attain and maintain SC national security vetting.

 
Location

• Site based location, East Lothian. Potential of hybrid remote working after an initial probation period.
• 12 month contract with the potential to extend

 
Due to the nature of the work, applicants must have a suitable background that will allow them to achieve UK security clearance (please note that this is very difficult to achieve within the timescales for non UK nationals and you will be subject to a screening process prior to interview to ensure that you meet the security clearance criteria).