SENIOR CYBER SECURITY ENGINEER
Our client, a Major Oil and Gas Operator is seeking an experienced Cyber Security Engineer. This is a core PAYE contract role initially until 30 November 2025 with extensions and potentially going staff in the future.
REPORTS TO: Cyber Security Manager
CONTEXT:
Cybersecurity Definition: Cybersecurity measures protect Industrial Automation and Control Systems (IACS) against threats from accidental circumstances, actions/events, or deliberate attacks.
Threat Origins: Threats can originate from the internet, corporate networks, maintenance activities, software upgrades, and unauthorized access, potentially leading to major health, safety, or environmental incidents.
Business Risk: Disruption to business, with cybersecurity as a potential cause, is identified as one of the top two risks for the client.
MAIN ACTIVITIES:
Implement Critical Requirements: Ensure compliance with CR GR SSI 001, CR GR SSI 023, GS EP INS 135, and L2-OPS-17-001 across all assets.
Incident Management: Review, investigate, mitigate, and resolve cybersecurity incidents, anomalies, and threats promptly.
Cyber Security Road Map: Assist in delivering key activities and act as a delegate for the Lead Cyber Security Engineer during absences.
Risk Analysis: Participate in asset cyber risk analysis and develop procedures and documentation for cybersecurity management.
Compliance: Ensure stakeholders comply with client cybersecurity requirements and carry out UK government cybersecurity self-assessment reports.
Solution Support: Roll out HQ security solutions, including administration and troubleshooting.
Audits: Conduct site audits, recommend improvements, and track actions to completion.
Vulnerability Management: Manage the client industrial cybersecurity vulnerability process and ensure timely patching.
Training: Develop and maintain industrial cybersecurity training materials and competence procedures.
Emergency Response: Create and maintain cyber emergency and incident response plans.
Project Involvement: Ensure cybersecurity requirements are captured in new projects and modifications.
Culture Promotion: Promote a positive cybersecurity culture and participate in annual events and presentations.
Innovation: Support the design and rollout of safer architecture solutions and stay updated on emerging technologies.
Reporting: Produce reports to monitor cybersecurity progress and communicate findings to stakeholders.
Vendor Coordination: Coordinate with third parties and vendors during cybersecurity incidents and carry out post-incident investigations.
SPECIFIC REQUIREMENTS:
Essential Qualifications/Knowledge Required:
Education: Relevant degree in Instrumentation and Controls, Computer Science, or Cyber Security.
Experience: Prior relevant industry experience.
Knowledge: Understanding of offshore operations, project management, and UK industry regulations.
Expertise: In-depth understanding of IEC/ISA 62443 and OG-86.
Management Skills: Experience managing contractors, vendors, and service providers.
Communication: Effective communicator, both written and verbal.
Relationship Building: Strong relationship-building skills at all levels - internally and externally.