The OT Security Engineer will participate in the multi-year greenfield standup of a formal Product Information Security Management System (ISMS) within Dematic. The candidate will apply engineering & cybersecurity experience to embedded device RTOS, CI/CD pipeline for OT firmware, industrial automation control system components, and industrial network components to enumerate threat models into Risk Assessment & Control, generate Standards, and apply / assess Product against cybersecurity frameworks.
What we offer:
Competitive Compensation and Benefits
Learn More Here: https://www.dematic.com/en-us/about/careers/what-we-offer
Dematic provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The base pay range for this role is estimated to be $ 65,000 - 140,000 at the time of posting. Final compensation will be determined by various factors such as work location, education, experience, knowledge, and skills.
Tasks and Qualifications:
This is What You Will do in This Role:
Define requirements and design standards to protect Dematic products and solutions from security threats and for mitigating the impacts of these threats. Ensure that these standards are implemented in Dematic system development programs.
Define reference network architectures based on industry best practices to promote IT and OT security.
Apply risk-based methodology to justify risk mitigation or acceptance
Lead security technical design reviews.
Participate in internal Risk Assessments and Audits
Perform Cybersecurity Assessments of Dematic and customer operational facilities and provide remediation steps for identified gaps
Work closely with OT Infrastructure teams and developers to develop secure architectures
Facilitate the application of Product Cybersecurity Standards across multiple business units
Participate in Investigation and remediation of Product cybersecurity events in coordination with other departments
Consult on projects and provide Product cybersecurity expertise.
What We are Looking For:
Bachelor's degree within an Information System field.
3 years of applied cybersecurity design, architecture, and application of controls to IT or OT systems Experience with IT security r 3 years of Cybersecurity Design/Architecture IT/OT experience
Intermediate or better experience with industrial automation control systems and embedded OT components.
Intermediate or better experience with physical & logical networking, firewalls, RTOS, PLCs, HMIs, VFDs, Profinet, SSDLC & CI/CD pipelines for embedded devices, cloud operations, DMZ, proxy services.
Formal experience applying industry cybersecurity framework to a product or environment (I.e. IEC 62443, ISO 27001)
Security , Network , CND, GICSP, or similar certification. ISA IC32 or IC33 Certificates Preferred
General working knowledge of OT environments and components
Skill in applying and incorporating technology into proposed solutions, identifying security risks and designing the integration of hardware and software solutions
Be knowledgeable in NIST RMF/CSF, NIST 800-53/82 control sets, IEC 62443 and/or ISO 27001 standards.
This is a remote position; however, must have the ability to travel occasionally.
Some positions in the U.S. may require vaccination against COVID-19. Where legally permitted or required, offers for such roles are contingent on the candidate providing proof of full vaccination against Covid 19 (currently one dose of the Johnson & Johnson vaccine or two doses of the Pfizer or Moderna vaccine). Candidates with medical issues or religious beliefs or practices that prevent them from getting the vaccine may request an exemption from the vaccine requirement.
Equal Opportunity Employer - minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity
Please see job description for required skills.