Cyber Security Engineer - Sydney - F/M

at  RATP Dev

CONTEXT

RATP Dev, a subsidiary of the RATP group, operates and maintains urban and interurban transport networks in 15 countries through more than 100 subsidiaries. Thanks to the professionalism of our 24,000 employees and the expertise of a world leader in public transport, our subsidiaries provide performance, dynamism and reliability to our customers and the passengers on their networks.

MAIN RESPONSABILITIES

• Support OT cyber security projects to deploy cyber security technologies/ solutions across critical assets to address cyber threats and asset risks/vulnerabilities in OT and IT Domains.
• Deliver required project deliverables by providing technical inputs to Digital Systems and the RATP Dev Western Sydney Airport Metro technical scope, such as cyber architecture/ engineering, contributing to and review of design/ OT system architecture, integration, fine-tuning and technical support.
• Develop Cyber standards, policies and procedures for the Digital Systems business.
• Develop management plans including concept of operations and maintenance of related assets
• Work closely with various OT/IT cyber security platform vendors to ensure a smooth integration of cyber security technologies/ solutions into OT/IT domains up to the operational phase.
• Collaborate with a wide range of local & global OT/IT teams from a variety of professional backgrounds to deliver OT cyber security project scopes on time.
• Engage in OT cyber security technologies/ solution platform deployment, troubleshooting, configurations and system management to familiarize and trained till operational phase.
• Responsible for the administration of OT/IT/IoT industrial cyber security technologies/ solution platform, including but not limited to below cyber security control requirement scopes
• Work closely with the Group CISO team and be part of the cyber security team of RATP Dev
• Asset management
• Backup & Restoration management
• Identity & Access management
• Security certificate application & licenses renewal
• Patch management
• Security policy and configuration management
• Change management
• Vulnerability management
• Coordination and management of OEMs and security vendors for any product issues e.g., patch/software updates, etc. including solution deployment and troubleshooting to resolve known issues.
• Lead the development of cyber response and incident management processes.
• Monitor and track the performance of the external cyber security service provider against the service contract scopes and raise non-compliance in the report in order to identify any patterns that require attention for improvement.
• Stay updated on emerging technologies, industry trends, and regulatory requirements related to cybersecurity and software quality assurance.
• Any other appropriated duties as required by the management.

WORK/JOB EXPERIENCE REQUIREMENTS

• Minimum 5 years combined working experiences in Operational Technology (OT), IT and Cyber Security preferably in an OT/ IACS environment
• Minimum 5 years hands-on experience in OT/IT systems preferably with SCADA and similar critical systems
• Fundamental understanding of IT/ OT network communication protocols
• Minimum of 5+ years of relevant working experience in cyber security technologies/ solutions implementation and securing OT Domains.
• Practical knowledge and applied experience on Operational Technology (OT) Cyber Security global standard frameworks such as ISA/IEC 62443, NIST SP-800-82, SANS Controls, ISO/IEC 27001. Knowledge of CLC 50701 standard is an advantage.
• Experience with cloud-based industrial cybersecurity solution platforms for OT/IT/IoT such as Claroty, Nozomi etc.
• Knowledge of ISA-99 Purdue Model, OT network security architecture, network security techniques and standards.
• Familiarity with compliance requirements such as the SOCI act 2018, Information Privacy act 2000 etc
• Ability to develop technical and non-technical Operational Technology (OT) Cyber Security documents for varying audiences e.g., control & automation personnel, IT/OT cyber security.
• Knowledge of OT Cyber Security aspects related to networking, industrial firewall, applications in OT environment. Hands-on experience using ITSM Tools and Password management is an advantage.
• Proven track record and demonstrated relevant experience as a key member of an incident response team and 3rd party vendor management.

EDUCATIONAL REQUIREMENTS

• Bachelor’s Degree (Computer Engineering, Instrumentation/Automation & Control) or other Engineering Degrees equivalent with applicable OT/IT Architecture and cybersecurity
• Desired Certification e.g., Global Industrial Cyber Security Professional (GICSP) is an advantage

PREFERRED SKILLS

• Proficiency in system architecture
• Knowledge of system engineering frameworks and tools
• Knowledge of frameworks, guidelines and manuals published by ASD
• Understanding of software development methodologies (e.g., Agile, Waterfall)
• Experience with version control systems (e.g., Git, SVN)
• Familiarity with databases and SQL
• Ability to develop cyber related design and assurance artefacts
• Knowledge of the various layers: application (+), physical, network (++), system (++), organizational
• In-depth technical knowledge of the IT security environment
• Knowledge of information systems and architecture principles
• In-depth knowledge of technologies, IT security solutions and associated investigation tools (+++)

The Cyber Security Engineer/ Specialist is responsible for providing technical expertise in the area of Operational Technology (OT) and IT Cyber Security including the design, review, implementation, system administration of cyber security technologies/ solutions including security services management and forensic activities.
The role will play a pivotal role in delivering cyber security related outcomes including a brand-new C-SOC. The role will provide subject matter expertise to ensure cyber initiatives are seamlessly integrated and adhered to throughout the D&C as well as O&M phases.
The ideal candidate shall be a passionate OT, Cyber Security and IT professional with the ability to communicate with various project, business, and support teams.