OT Cybersecurity Engineer, Global

Vantage Data Centers powers, cools, protects and connects the technology of the world’s well-known hyperscalers, cloud providers and large enterprises. Developing and operating across North America, EMEA and Asia Pacific, Vantage has evolved data center design in innovative ways to deliver dramatic gains in reliability, efficiency and sustainability in flexible environments that can scale as quickly as the market demands.

The Vantage Cybersecurity Department is very hands-on. In most cases, we specify, purchase, configure, and maintain all networking and server hardware with a keen focus on cybersecurity measures. We also work closely with partner Value Added Resellers (VARs) to learn about the latest technological changes and cybersecurity trends so that we can make informed purchase decisions. We are always looking for ways to strike the best balance between technology, performance, cost, and cybersecurity.

The ICS/OT (Industrial Control Systems/Operational Technology) Cybersecurity Engineer will be part of a team responsible for protecting a rapidly expanding global enterprise. The Cybersecurity Engineer will audit the Industrial Control System / Operational Technology (ICS/OT) environment and perform risk/vulnerability assessments leading to the development of an enterprise strategy/design plan. The Cybersecurity Engineer will lead implementation (hands-on configuration) of the enterprise ICS/OT systems. Additional responsibilities include research, classification, and root cause analysis of security events that occur within the environment.

Responsibilities

• Partner closely with the OT Cybersecurity Manager and OT Cybersecurity Engineers to represent OT Cybersecurity at the regional level, participating in meetings with site operations, vendors, and internal stakeholders to drive consistent implementation of OT cybersecurity practices.
• Implementation and ongoing management of Secure Remote Access (SRA) and/or Privileged Access Management (PAM) solutions to control and monitor third party access to critical OT environments.
• Perform OT asset discovery, inventory management, and risk classification using OT monitoring platforms (e.g., passive monitoring tools), and support the deployment and configuration of ICS/OT IDS solutions.
• Conduct vulnerability assessments on OT assets and coordinate remediation activities in collaboration with Automation Systems, Site Operations, Network and Cyber Security teams.
• Support integration of OT security monitoring into SOC workflows, including alert tuning and playbook development.
• Work closely with data center teams to ensure cybersecurity controls do not impact uptime or operational resilience.
• Conduct Cybersecurity assessments of products and technologies under consideration by the Data Center teams prior to adoption and/or deployment.
• Perform OT Cybersecurity Risk assessments against best practices and industry frameworks (e.g., ISA/IEC 62443, NIST SP 800‑82, NIST CSF) including participating in audits.
• Implement and support OT cybersecurity monitoring and analytics tools to improve threat detection, threat hunting, and forensic investigations.
• Assess the criticality of OT systems, evaluate potential operational impacts of failures or cyberattacks, and use these insights to help design resilient OT architectures.
• Researching, developing, operationalizing, evaluating, and improving OT defensive tactics, techniques, and procedures (TTPs) for detecting and responding to cyber threats.
• Researching and developing OT Cyber Resiliency solutions including developing and operationalizing OT/ICS SCADA cyber defense architectures.
• Partner with other departments to review network architectures and determine if security best practices are being utilized.
• Work with vendors to ensure detailed diagrams, procedures, and plans are created and maintained for each deployment.
• Maintain and create documentation as needed.
• Represent the Cybersecurity team in meetings with the client’s vendors and stakeholders.
• Maintain awareness of industry trends, threats, and tools used to support enterprise security.
• Perform other ad hoc duties to support the company’s security goals.

Job Requirements

• Hands-on experience in an OT environment deploying and configuring OT security solutions.
• Design and implementation of solutions such as IDS, Secure Remote Access (SRA), Network segmentation, Firewalls, and Endpoint security.
• Working knowledge and hands-on experience in one or more of the following technologies and platforms: Building Management Systems (BMS), Electrical Power Management System (EPMS), SCADA Platform, PLC Platform (e.g. Siemens, Schneider, Rockwell), Industrial Protocols (Modbus, DNP3, BACnet, OPC, S7, CIP), Passive OT monitoring solutions (e.g. Tenable, Nozomi, Claroty), Firewalls (IDS/IPS/DPI/WAF/Web Filter/App Control), Networking Environments (Routing/Switching/VLANS/Security/Wireless etc.), SIEM, SOAR, and XDR technologies, Windows and Linux server architectures within IT/OT environments, Cloud and virtualization platforms supporting OT workloads.
• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related focused technical training or 4 additional years of engineering experience that may have been acquired in the military, public or private sectors.
• 3 years of experience performing Cybersecurity Risk assessments in an IT/OT environment.
• Strong understanding of cybersecurity frameworks for ICS/OT environments.
• Strong understanding of OT network communication protocols and industrial networking topologies.
• ISA/IEC 62443 Cybersecurity Certificates are preferable.
• Certifications for SANS Global Industrial Cyber Security Professional (GICSP), GIAC Response and Industrial Defense (GRID), Critical Infrastructure Protection are preferable.
• Understanding of MITRE ATT&CKS for ICS or NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Plan) frameworks.
• Familiarity with NIST Special Publication 800-61 Revision 2, Computer Security Incident Handling Guide.
• Familiarity with NIST Special Publication 800-82.
• Familiarity/Knowledge of the Perdue Enterprise Reference Architecture (PERA).
• Understanding of general cybersecurity frameworks (ISO IEC 27001/27002, ISO 15408, NIST CSF, NIST SP800-53).
• Demonstrable understanding of project/program management techniques and methods.
• Good Microsoft Excel skills required.
• Excellent written and verbal communication skills with transparent and timely communication.
• Expected travel is less than 20% but may be higher during construction projects. May grow and evolve over time.
• Be available outside standard working hours when required, including evenings, weekends, and holidays.

Additional Preferred Requirements

• Networking certifications (e.g. CCNA, CCNP).
• Security Certifications such as ISC2 Certified Information Systems Security Professional (CISSP), CompTIA Security+, CompTIA Network + or ISACA Certified Information Security Manager (CISM).
• Certifications for SANS (SysAdmin, Audit, Network and Security), GIAC (Global Information Assurance Certification), EC Council Certified Ethical Hacker (CEH), or Formal IT Security/Network Certification such as SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Network Forensic Analyst (GNFA), Certified SCADA Security Architect (CSSA).
• Data Center experience is strongly preferred, but not required.

We operate with No Ego and No Arrogance. We work to build each other up and support one another, appreciating each other’s strengths and respecting each other’s weaknesses. We find joy in our work and each other, actively seeking opportunities to inject fun into what we do. Our hard and efficient work is rewarded with an above market total compensation package. We offer a comprehensive suite of health and welfare, retirement, and paid leave benefits exceeding local expectations. Throughout the year, the advantage of being part of the Vantage team is evident with an array of benefits, recognition, training and development, and the knowledge that your contribution adds value to the company and our community.

Vantage Data Centers is an Equal Opportunity Employer. Vantage Data Centers does not accept unsolicited resumes from search firm agencies. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of Vantage Data Centers.