Operational Technology Cyber Security Consultant (All Levels)

We offer an exciting range of opportunities to develop your career within a supportive and diverse team who always strive to do the right thing for our people, clients and communities. People are our greatest asset, and we offer a competitive package to retain and attract the best talent. In addition to the benefits you'd expect, UK employees also receive free single medical cover and digital GP service, family-friendly benefits such as enhanced parental leave pay and free membership of employee assistance and parental programmes, plus reimbursement towards relevant professional development and memberships. We also give back to our communities through our Collectively program which incorporates matched-funding, paid volunteering time and charitable donations.

Amentum are offering an exciting opportunity to join our growing team of Cyber Security professionals to work on a range of projects for our diverse client portfolio that covers Critical National Infrastructure, National Security, Defence and Nuclear market sectors. Our team is growing and we are looking for proactive and collaborative Cyber Security Professionals of all levels to work within our Critical National Infrastructure market, providing a range of security services. With our deep technical, commercial, and strategic nuclear expertise we develop solutions that address our client's critical challenges supporting digitalisation and security.

As part of our team, you will support across the full spectrum of security engineering activities in support of the design, development, integration, delivery, and in-service support of complex technical projects. You will collaborate with the team to deliver cyber security solutions, address risks, and support secure and resilient digital transformation across the information and operational technology environments. Amentum is a "relationship" focused company and the building and developing of these relationships with our clients is a significant and important part of this role. Although this role is initially Energy sector focused, you will have the opportunity to work across multiple market sectors to suit your interests and career aspirations under a hybrid working arrangement that best suits each client's needs. Training and development opportunities specific to the project needs and those of your own career plan will be available and supported. This role will report to the Head of Critical National Infrastructure.

Key Responsibilities

• Develop security requirements, architecture, and design for complex OT systems.
• Develop cyber security assessment approaches.
• Specify and implement a robust security risk management process.
• Support accreditation activities with the client and regulating authorities.
• Conduct security reviews and risk assessments in accordance with NCSC CAF, IEC 62443, etc.
• Provide technical assistance to business development.
• Maintain familiarity with legislation and regulations of relevance.
• Build and maintain relationships with internal and external stakeholders.

Here's What You'll Need

• Demonstrable experience in similar roles or transferable skills within a similar role.
• Familiarity with IEC 62443 and awareness of IEC 62351 for securing power-system comms (e.g., IEC 61850, IEC 60870-5-104).
• Certified Information Systems Security Professional (CISSP) and SANS Global Industrial Cyber Security Professional (GICSP) would be a plus.
• Able to travel to the client sites as and when required.
• Cyber Security work experience (with a significant focus on Operational Technology during that time).
• Practical experience of IT and OT cyber security risk/threat assessment approaches.
• Understanding of design considerations with emphasis on operational safety and the availability/security of operating environments.
• Understanding of cyber resilience plans and re-opener submissions under Ofgem price controls.
• Working knowledge and hands-on experience in a variety of operating systems and Operational Technology environments.
• Experience of security engineering and associated solutions (Endpoint Protection, IDS/IPS, Firewalls, etc.) for IT and OT environments.
• Working knowledge and understanding of networking technologies including architectures, key components, and common IT/OT protocols.
• Standards, frameworks, and regulatory experience including - NCSC CAF, EU NIS Directive, ISA/IEC 62443 Series, ISO 27000 Series, NIST Cyber Security Framework (CSF), and supplementary guidance.

Our Culture

Our values stand on a foundation of safety, integrity, inclusion, and diversity. We put people at the heart of our business, and we genuinely believe that we all succeed by supporting one another through our culture of caring. We value positive mental health and a sense of belonging for all employees. We aim to embed inclusion and diversity in everything we do. We know that if we are inclusive, we are more connected, and if we are diverse, we're more creative. We accept people for who they are, regardless of age, disability, gender identity, gender expression, marital status, mental health, race, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. This is reflected in our wide range of Global Employee Networks centred on inclusion and diversity. We partner with VERCIDA to help us attract and retain diverse talent.