IT/OT Security Analyst
Location: Belfast, London
Role: IT/OT Security Analyst
We’re an IoT cyber security start-up, based in Belfast, with offices in London and The Hague. Our goal is to revolutionise the safety and resilience of machine-to-machine (M2M) communications of the future. With 1 trillion connected devices by 2025, the cyber security threat will increase exponentially. At Angoka, our innovative technology creates trust between devices to allow secure communication over zero trust networks.
Since our formation, we have been moving at a high speed. We have already been named as the Top Cyber Security company in NI, ranked 4th in NI’s Top 50 Tech companies, and nominated for Start-up of the Year. We’re also one of the Top 3 Hottest Space Tech start-ups in Europe! Our ground-breaking technology has also led us to be a part of prestigious programs, such as Tech Nation’s Cyber 2.0, and Seraphim Space Camp. We are the first (and only!) NI cyber security company to be a part of the NCSC Cyber Accelerator.
To achieve our goal, we’re growing our gifted, talented and international team. We aim to combine the best business and technical brains, to build a workplace where we continue to create breakthroughs at the forefront of technology.
We are looking for a Cyber Security Analyst specialised in IT/OT red team assessments. You will help us develop the reliability and security of our ground-breaking hardware and software authentication and encryption product. You will advance our knowledge and expertise in cyber risk assessments and mitigation control, incident response and secure architectures.
You will report to the CTO and Engineering Lead.
- Developing IT/OT cyber security assessment approaches to ensure pro-active identification of threats and attack vectors in line with NIST 800-53
- Prepare, review and assess the low-level and high-level design for IT/OT environments in line with industry best practice and international standards/guidelines, like ISA 99/IEC 62443, NISTIR 8183, NISTIR 8259, Enisa Good Practices for Security of IoT, PAS 1885:2018, and ISO21434
- Review and assess the architecture and design of our IT/OT communication authentication and encryption solutions
- Identify and highlight areas of concerns in the design, and suggest risk mitigation controls and recommendations to the engineering and development team
- Maintain familiarity with relevant legislation and regulation to IT/OT cyber security, digital forensics and incident response
- Reviewing security tools, processes and procedures to assist in testing the robustness of current and developing systems
- Identify and develop research into future attack vectors for IT/OT systems
- Provide technical assistance and advice to the engineering team and the sales team where necessary
- Deliver high-quality technical analysis, reports, and presentations to senior management
- Solid working experience in conducting cyber security assessments and implementing risk mitigation controls for IT/OT systems
- Solid knowledge of OT/IT security best practices applied in red team assessments and exercises
- Good knowledge and understanding of threat hunting strategies for IT/OT environments
- Good knowledge and experience of IT/OT cyber incident response, cyber kill-chain, and the Mitre ATT&CK framework
- Proven ability of designing, implementing and reviewing IT/OT security assessments and incident response plan
- Good understanding of protocols common within IT/OT (e.g., MODBUS, DNP3, S7, OPC. HTTP, SMB, DNS etc.)
- Good understanding of technical design considerations with emphasis on operational safety
- Proven experience (4-6 years) of working in a security role, focused on assessing cyber security risks for IT/OT systems and recommending viable security controls to mitigate against the risks
- Applicable knowledge and experience in one or more of the following industries: Nuclear, Electricity distribution, Rail, Utilities and Defence.
- Good experience in engineering security solutions for real-time and/or performance-sensitive systems is a bonus
- Qualified to at least an MSc degree in cyber security, industrial systems, computer science, or a related field
- Certifications such as Security+, Network+, SSCP, CCNA, GSEC, OSCP are a bonus
- Proven ability to rapidly interpret technical and business requirements and understand complex trade-offs in drawing conclusions and recommendations
- Proven ability to engage and work with other technical experts and incorporate their input and feedback
- Proven ability to communicate complex topics clearly and concisely
- Excellent verbal and written technical English communications skills
Significant related experience may be considered in mitigation of unmet criteria.
Applicants who exceed criteria may be considered for an equivalent higher-level position.
Angoka is an Equal Opportunity Employer. We welcome and encourage applicants from all backgrounds and experiences. We do not tolerate discrimination or harassment. At Angoka, all our hiring decisions are based on business needs, job requirements and individual qualifications, and we are committed to creating an inclusive culture that supports and represents our diverse society.