ot/Enterprise iot Security analyst
OT/Enterprise IoT Security Analyst
By 2035, it is estimated that a colossal 1 trillion connected devices will be live across the globe. This introduces a new, complex web of security threats to people, lives, and connected cities.
At ANGOKA, we are focused on the security of critical machine-to-machine (M2M) communications particularly across Smart Cities and Smart Mobility. Our ground-breaking, quantum-safe solutions offer device identity protection, communication integrity and data provenance by creating trusted connections, even over untrustworthy networks.
Why join our talented team:
As we continue to create breakthroughs at the forefront of technology, we are looking for a Cyber Security Analyst with good experience in risk assessment, threat modelling, and analysis for OT/Enterprise IoT systems. You will help us develop the reliability and security of our ground breaking hardware and software authentication and encryption product. Reporting to the CTO and Security Lead, you will advance our knowledge and capabilities in Threat Analysis and Risk Assessment and Remediation.
As a fast-scaling start up, this role offers the opportunity for significant learning and professional development in a fast-paced industry, and you will work closely with the senior management team and key stakeholders within the company.
What you will do:
- Develop an OT/Enterprise IoT threat analysis and risk assessment framework and methodology to ensure proactive identification of threats and attack vectors and objective assessment of their risk on the safety of the system operation
- Review, analyse and assess the low-level and high-level design for OT/IoT environments in line with industry best practice and standards such as IEC 62443, EU NIS1 & 2, ISO 21434, WP 29-R155 & 156, NISTIR 8259, ISO 27400:2022, ETSI EN 303 645, and others
- Review and analyse conventional OT/IoT cyber security solutions and identify potential risks and attack vectors that compromise the safety and security of the system
- Identify and highlight areas of concerns in the design and architecture of the solution, and suggest risk mitigation controls and recommendations to the Security Lead and product team
- Monitor, research and analyse current and emerging threats and investigate these to develop appropriate security responses
- Research, review and analyse the latest and future OT and Enterprise IoT systems architecture and design to identify potential risks and provide recommendations on mitigations and remediation to ensure the system’s safety and security
- Maintain familiarity with relevant Cyber security and privacy standards and regulations for OT/ Enterprise IoT systems
- Develop and publish technical research and industry information on future risks and attack vectors compromising the safety and security of OT and Enterprise IoT systems
- Provide technical assistance and advice to the engineering team and the sales team where necessary
- Deliver high-quality technical analysis, reports, and presentations to senior management
What we are looking for:
- 2-4 years’ proven industry experience as a Security Analyst or Researcher focused on modelling threats, assessing their risks and recommending viable mitigation strategies for SCADA and cyber-physical systems in Industrial Systems, Mobility, Enterprise IoT, Manufacturing, and Critical National Infrastructure
- Demonstrable experience in conducting cyber security assessments and implementing risk mitigation controls for OT/Enterprise IoT systems
- Strong knowledge of cyber security best practices and standards for SCADA and cyber- physical systems in Industrial Systems, Connected and Autonomous Mobility, Critical National Infrastructure, Industry 4.0 and Manufacturing
- Good knowledge and understanding of threat modelling and analysis for OT/ Enterprise IoT systems
- Strong knowledge of different threat modelling and risk assessment frameworks, like MITRE & Attack, STRIDE, PASTA, Attack Tree, Cyber diamond, Taxi, etc.
- Proven ability of designing, implementing and reviewing OT/Enterprise IoT security assessments and remediation plans.
- Good understanding and working knowledge of SCADA, OT and Enterprise IoT communication protocols like CANbus, ModBus, ProfiNet, IP, 802.11, Bluetooth, Thread, Zigbee, etc.
- Applicable knowledge and experience in one or more of the following industries: Critical National Infrastructure, Nuclear, Electricity Distribution Networks, Connected and Autonomous Mobility, Rail, Industry 4.0, Manufacturing and Defence
- Good experience in security engineering for real-time, safety-critical systems is a bonus
- Qualified to degree level in cyber security, industrial systems, computer science, or a related field
- Professional certifications such as CEH or GPEN, CySA+ or ECSA, ICS/SCADA Cybersecurity, GICSP and GCIP would be a bonus
- Proven ability to rapidly interpret technical and business requirements and understand complex trade-offs in drawing conclusions and recommendations
- Proven ability to engage and work with other technical experts and incorporate their input and feedback
- Proven ability to communicate complex topics clearly and concisely
- Pro-active and enthusiastic with a can do attitude
- Excellent verbal and written technical English communications skills
- Ability to prioritise and handle multiple tasks and projects at any given time
- Strong organisational skills with a high attention to detail
- Ability to remain calm under pressure and meet deadlines
ANGOKA is an Equal Opportunity Employer. We welcome and encourage applicants from all backgrounds and experiences. We do not tolerate discrimination or harassment. At ANGOKA, all our hiring decisions are based on business needs, job requirements and individual qualifications, and we are committed to creating an inclusive culture that supports and represents our diverse society.