Carlisle Companies
OT Security Analyst
Carlisle Companies, Scottsdale, Arizona, us, 85261
Job Description
The OT Security Analyst works closely with Engineering, Operations, Maintenance, IT, and Cybersecurity teams to manage OT risk within Carlisle. The OT Security Analyst supports changes in the manufacturing environment through collaboration with these aforementioned teams. The OT Security Analyst acts as an ambassador and subject matter expert for Carlisle's focus on security, specific to our OT environments and works with the business to ensure appropriate risk reduction, while simultaneously working to minimize any unplanned disruption to operations.
Primary Functions and Essential Responsibilities:
Monitor asset management, vulnerability management, and threat detection solution for Carlisle's Industrial Controls Systems (ICS) and Operational Technology (OT) environments. Escalate and prioritize risk-reduction tasks, liaising with Engineering, Operations, Maintenance, IT, and Cybersecurity teams.Provide security subject matter expertise in matters pertaining to ICS/OT environments, including consulting and design services.Perform control assessments, ensuring that controls are effective in defending against cyber-attacks on critical infrastructure operational technology and industrial control systems.Assist in the development of ICS/OT specific cybersecurity roadmaps that prioritize the mitigation of cyber threats, based on the likelihood of occurrence and magnitude of cost/consequence of a security incident.Act as an ICS/OT Security "ambassador" to both internal and external customersProvide guidance and leadership to other Information Security team membersParticipates and provides expertise in OT design, development, and deployment.Position Requirements
Requirements:
2+ years' experience working in OT/ICS security, architecture, or information security equivalent.Familiarity with industrial network design optimization as well as effective network segmentation.Preferred: College Diploma or University Degree in either Systems Engineering, Manufacturing Engineering/Automation, Industrial Security/Operational Technology, Information Technology, Manufacturing Automation, or other related discipline.Strong knowledge of firewalls and security zone.Experience working in an Operation Technology (OT), ICS / SCADA environment.Experience with OT network monitoring tools (Nozomi is a must)Significant exposure and understanding of industrial Ethernet networks.Significant exposure to ICS communications protocols including Modbus TCP/IP, OPC, Profibus etc.Significant exposure to OT fundamentals including Purdue model, zone and conduit.Knowledge of security industry best practices for industrial control systems.Strong interpersonal skills and ability to work effectively with diverse and distributed teams.Strong attention to detail, project management and organizational skills.Demonstrate competency with information security principles, and industry standardsAble to successfully prioritize and manage to completion multiple complex tasks and deliverablesDemonstrate the aptitude to understand business needs and deliver high-quality, and efficient servicesStrong team player with excellent communication and documentation skillAt least 2-3 years of experience working with control systems is a pluOne or more of the following certifications is a plus:IEC 62443 Fundamental Specialist CertificateGIAC Security Essentials CertificationGIAC Global Industrial Cyber Security Professional (GICSP)
The OT Security Analyst works closely with Engineering, Operations, Maintenance, IT, and Cybersecurity teams to manage OT risk within Carlisle. The OT Security Analyst supports changes in the manufacturing environment through collaboration with these aforementioned teams. The OT Security Analyst acts as an ambassador and subject matter expert for Carlisle's focus on security, specific to our OT environments and works with the business to ensure appropriate risk reduction, while simultaneously working to minimize any unplanned disruption to operations.
Primary Functions and Essential Responsibilities:
Monitor asset management, vulnerability management, and threat detection solution for Carlisle's Industrial Controls Systems (ICS) and Operational Technology (OT) environments. Escalate and prioritize risk-reduction tasks, liaising with Engineering, Operations, Maintenance, IT, and Cybersecurity teams.Provide security subject matter expertise in matters pertaining to ICS/OT environments, including consulting and design services.Perform control assessments, ensuring that controls are effective in defending against cyber-attacks on critical infrastructure operational technology and industrial control systems.Assist in the development of ICS/OT specific cybersecurity roadmaps that prioritize the mitigation of cyber threats, based on the likelihood of occurrence and magnitude of cost/consequence of a security incident.Act as an ICS/OT Security "ambassador" to both internal and external customersProvide guidance and leadership to other Information Security team membersParticipates and provides expertise in OT design, development, and deployment.Position Requirements
Requirements:
2+ years' experience working in OT/ICS security, architecture, or information security equivalent.Familiarity with industrial network design optimization as well as effective network segmentation.Preferred: College Diploma or University Degree in either Systems Engineering, Manufacturing Engineering/Automation, Industrial Security/Operational Technology, Information Technology, Manufacturing Automation, or other related discipline.Strong knowledge of firewalls and security zone.Experience working in an Operation Technology (OT), ICS / SCADA environment.Experience with OT network monitoring tools (Nozomi is a must)Significant exposure and understanding of industrial Ethernet networks.Significant exposure to ICS communications protocols including Modbus TCP/IP, OPC, Profibus etc.Significant exposure to OT fundamentals including Purdue model, zone and conduit.Knowledge of security industry best practices for industrial control systems.Strong interpersonal skills and ability to work effectively with diverse and distributed teams.Strong attention to detail, project management and organizational skills.Demonstrate competency with information security principles, and industry standardsAble to successfully prioritize and manage to completion multiple complex tasks and deliverablesDemonstrate the aptitude to understand business needs and deliver high-quality, and efficient servicesStrong team player with excellent communication and documentation skillAt least 2-3 years of experience working with control systems is a pluOne or more of the following certifications is a plus:IEC 62443 Fundamental Specialist CertificateGIAC Security Essentials CertificationGIAC Global Industrial Cyber Security Professional (GICSP)