OT Vulnerability Analyst

An experienced OT Vulnerability Analyst to ensure that OT vulnerabilities are identified by cyber tools, assessments and audits are assessed, prioritized, and risk managed appropriately and in line with policies. You will also be responsible for providing relevant technical/non-technical security and providing reports to the vulnerability manager.

How you’ll support us on our mission to keep people safe and warm:

• Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents.
• Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
• Work alongside and coordinate our third-party vendors including 'managed security services provider' (MSSP), penetration testers, attack path mapping and SOC operators including following up remediation work and reports.
• Work with the technical security and assurance team to help deliver new security tooling.
• Be a Security touchpoint for Project Business Analysts and Project Management and provide project with security consultations, supporting OT Security projects within the Cyber programme.
• Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements pertinent to OT environments.
• Attend relevant Architecture Review Board and Technical Design Authority meetings providing sign-off to designs created to deliver technical solutions into the OT environment.
• Produce in-flight project functional and non-functional security requirements and embed into existing processes.
• Post-implementation / pre-go live auditing of initial requirements for Security OT projects, checking agreed design proposals matched against delivered solutions.
• Operate collaboratively with the IT/OT Security Leads and the wider Corporate IT team to deliver the required solutions.
• Configure vulnerabilities management tools to ensure security vulnerabilities are identified across the SGN IT and OT estate.
• Triage, assess and prioritize identified security vulnerabilities, ensure mitigating controls are identified and implemented where necessary.
• Track remediation, risks, and exceptions and provide the Security Assurance function with vulnerability metrics and reports which include a view of outstanding vulnerabilities, plans for remediation, applied exceptions and security risks.
• Support continued service improvements initiatives.

What you’ll need:

We’re looking for a blend of skills and attributes that make you a great fit for this role. If you don’t tick every box, don’t worry - we provide tailored learning and development programs to help you grow and succeed with us.

• Must have 2 years’ cyber security experience within an OT environment with strong OT / ICS knowledge about products, architectures and workflows.
• Must have proven expertise in three of the following security domain areas: Vulnerability Assessment and Management, Security Risk and Compliance, Security Architecture, Endpoint Protection, Network Security, and Security Engineering.
• Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC security principles, NIST Framework, ISO 27001, ISO27005, IEC62443 etc.
• Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates for OT environment.
• Knowledge of the Purdue Model and experience of application of network segmentation to OT systems to bolster the cybersecurity.
• Role will require Security Clearance.

Why SGN?

SGN is a leader in pioneering research and development toward a net-zero energy system. Our cutting-edge technologies and innovative thinking are driving change in the gas industry, all while keeping people safe and warm.