Operational Technology & Cyber Security Engineer (28x28 Rotation in Equatorial Guinea)

Petrofac is a leading international service provider to the energy industry, with a diverse client portfolio including many of the world’s leading energy companies.

We design, build, manage and maintain infrastructure for our clients. We recruit, reward, and develop our people based on merit regardless of race, nationality, religion, gender, age, sexual orientation, marital status or disability. We value our people and treat everyone who works for or with Petrofac fairly and without discrimination.

The world is re-thinking its energy supply and energy security needs; planning for a phased transition to alternative energy sources. We are here to help our clients meet these evolving energy needs.This is an exciting time to join us on this journey.  

We support flexible working requests and have adopted a hybrid approach for most of our office-based roles. We ask employees to be present in the office at least three days per week.

Are you ready to bring the right energy to Petrofac and help us deliver a better future for everyone?

JOB TITLE: Operational Technology & Cyber Security Engineer

KEY RESPONSIBILITIES:

·       As an OT Cybersecurity Engineer, your role will focus on securing, supporting, configuring, and regularly updating our Process Control Systems. Your responsibilities will extend to configuring and managing network security measures to protect the process control layer from internal & external threats. Collaboration with diverse teams will be crucial to uphold the reliability, security, and efficiency of our OT systems.

·       The ideal candidate will possess specialized skills in OT network design, cybersecurity practices, and effective troubleshooting techniques.

·       Plan and organize work within OT domain while ensuring the interfaces are clearly defined and documented.

·       Ensure that all equipment, systems, and applications in the OT environment are registered & maintained.

·       Maintain comprehensive documentation of OT network configurations, protocols, and security measures.

·       Develop, maintain, and execute any site-specific procedures required to maintain OT security compliance by having an overview of our security measures.

·       Design, implement, and maintain robust OT network architectures to support sites, creating or modifying component information in the database as required.

·       Perform regular site visits to production facilities for remediation activities and to assure controls and procedures are in place. Also, identify new vulnerabilities and implement necessary measures.

·       Ensure Disaster Recovery Plans, systems are sustained through changes and tested appropriately.

·       Monitor and configure IDS/IPS & any other security systems/applications to meet cyber security & operational requirements.

·       Own all OT access control methods and profile management based on documented business approval.

·       Generate reports on network security/vulnerability, security incidents, and recommended improvements.

·       Escalate incidents as necessary, ensuring incidents are properly investigated, remediated, reviewed, and closed.

·       Implement change management, and testing procedures for network and endpoint security while maintaining system reliability.

·       Provide technical guidance and mentorship to junior engineers.

·       Experience exposure to offshore Process Automation and Control, Production and Operations environments.

·       Experience in defining, implementing & assessing cyber security controls in Industrial automation control systems.

·       Preferable experience with NIST-SP800-82, IEC62443 / ISA99, NERC-CIP, IEC 27002, ISO/IEC 15408, BSI TL-02103, etc.

·       Strong understanding of cybersecurity frameworks, principles, and practices in OT environments.

·       Working knowledge on Cyber Security concepts like Risk Assessment, Gap Assessment, Risk Treatment Plans, and relevant security technologies like SIEM, IDS & IPS.

·       Strong understanding of Offshore Oil & Gas operations, Hazards & Risks.

·       Familiarity/Knowledge of the Purdue Enterprise Reference Architecture (PERA)

·       In-depth knowledge OT / IACS network communication protocols (e.g., Modbus, Profibus, industrial networking topologies, as well as L2/L3 networking and architecture

·       In-Depth understanding of industrial automation systems (PLCs, SCADA, DCS).

·       Familiarity of the current threats, vulnerabilities, exploits in ICS environments, and appropriate mitigation techniques.

ESSENTIAL QUALIFICATIONS AND SKILLS:

·       An ability to work autonomously, cooperatively, and remotely from the corporate office with other locations.

·       Good presentation, training, and communication skills to both internal and external stakeholders.

·       Strong problem solving & time management skills.

·       Effective technical writing skills in English

·       Proficiency in Spanish would be a plus.

·       Cybersecurity industry certification such as Global Industrial Cyber Security Professional (GICSP)

·       Other Relevant IT / OT certifications (e.g., CISSP, CCNA, CCNP, ISA/IEC 62443 Cybersecurity Specialist)

·       Degree in Cyber (IT/OT) Security / Electronics / Electrical / Information Technology /Computer science Engineering, or demonstrable & relevant work experience.

·       Relevant Offshore Travel Certifications e.g., BOSIET, HUET, CA-EBS, MIST