IT Security Analyst, Sr( OT Cybersecurity )

Overview

Job Description

Stefanini Group is seeking a skilled Senior OT Cybersecurity Engineer to join our Infrastructure Services Division, within the Cybersecurity Services Tower, with direct-colleagues stretching remotely across North America, Europe and Asia, delivering high end security services to global customers.

The Senior OT Cybersecurity Engineer will be responsible for the architecture, implementation, operation, and continuous improvement of security platforms across industrial and operational technology (OT) environments.

We define a Senior Cybersecurity Engineer as a professional who understands systems, failure modes, and adversaries, and can design, operate, explain, and improve security under real-world constraints.

This role acts as the technical authority for OT visibility, threat detection, asset discovery, and risk management, while also mentoring junior engineers and enabling sustainable OT security operations.

A commitment to being available for on-call responsibilities is required to ensure timely response and support when needed.

Job Responsibilities:

• Ensure robust cybersecurity for Operational Technology (OT) environments, maintaining compliance with internal policies and regulatory frameworks (IEC 62443, NIST SP 80082, ISO 27001, NIS2, sector regulations).
• Act as the OT Security Subject Matter Expert (SME) and lead technical workshops, architectural reviews, and design sessions.
• Prevent security threats from becoming incidents by proactively reducing exposure, closing gaps, and guiding risk-based remediation activities.
• SecOps:
• Asset discovery and classification (passive-first approach).
• Network visibility and traffic analysis.
• Vulnerability and exposure identification with OT-specific prioritization.
• Threat detection, behavioral analytics, and anomaly hunting.
• Secure Remote Access (SRA) operations.
• Oversee rules tuning, alert reduction, and creation of new OT-specific detection use cases.
• Develop and maintain cybersecurity processes, procedures, and playbooks specific to OT environments.
• Support and guide incident response efforts, ensuring documentation, lessons learned, and continuous process improvements.
• Maintain detailed incident and investigation records for future analysis.
• Use scripting (Python/PowerShell), APIs, and data parsing (JSON, CSV, logs) to automate tasks and improve repeatability.
• Provide technical recommendations for secure OT architectures in alignment with the Purdue Model and OT segmentation.
• Collaborate closely with engineering, infrastructure, and business stakeholders to implement best practices and enhance OT security posture.
• Provide advisory guidance, technical leadership, and mentorship to junior engineers.
• Assist with reporting, dashboarding, and presenting security status to leadership.
• Platform Management:
• Initial platform deployment and scaling, sensor placement and architecture design, platform tuning to reduce noise and false positives, lifecycle management (upgrades, patches, capacity planning), performance optimization in high-throughput OT Networks.
• Integration & Ecosystem Enablement:
• Security Tooling: SIEM Platforms, SOAR platforms, ITSM, CMDB, Vulnerability Management Platforms.
• Proficient in comprehending and adjusting technical configurations in Operational Technology (OT) systems in accordance with security and compliance requirements, including:
• IEC 62443 (all relevant parts)
• NIST SP 800-82
• ISO/IEC 27001 (OT applicability)
• NIS2 (where applicable)
• Sector-specific regulations (energy, manufacturing, utilities).
• Automation & Engineering:
• Scripting (Python or PowerShell minimum)
• API usage
• Data parsing (JSON, CSV, logs)
• Basic software lifecycle awareness
• Infrastructure-as-Code awareness (even if not writing it).
  

• Excellent written and verbal communication skills in English.
• Experience in a customer-facing technology consultancy role.
• A customer-oriented attitude and strong communication & presentation skills are a requirement.
• Exhibit good interpersonal skills and ability to communicate confidently & concisely with audiences at all levels, manage expectations and explain technical details.
• Ability to develop and maintain excellent relationships with external and internal stakeholders.
• Excellent at communicating technical problems and solutions to both technical and non-technical audiences.
• Analytical mind with evaluative and problem-solving abilities, able to define technical solutions aligned with client's business problems at an architectural and design level of detail.
• Able to effectively undertake challenges and have experience in leading a project and teams in a complex environment.
• Ability to manage multiple priorities and meet deadlines.
• High degree of initiative, dependability and ability to work with little supervision.
• Highly adaptable professional, able to work well with others in diverse and evolving work environments.
  
  

Job Requirements

Details:

Required Experience:

• 7+ years of experience in cybersecurity, with at least 2+ years in OT / ICS security.
• Demonstrated experience or knowledge of various OT security platforms (both on-premises and cloud-based), along with relevant certifications.
• Proven experience securing:
• Industrial Control Systems (ICS)
• SCADA environments
• Manufacturing, energy, utilities, or critical infrastructure.
• Demonstrated experience leading end-to-end OT security initiatives, from architecture through operationalization.
• Experience working in safety-critical environments where availability and integrity are paramount.
  

• Familiarity with the Purdue model, IT/OT segmentation and zoning, Safety Instrumented Systems (SIS), and process control environments.
• Hands-on knowledge of industrial protocols, including Modbus, DNP3, OPC, Profinet, EtherNet/IP, BACnet, and IEC 60870-5-104.
• Understanding of Operational Technology (OT) assets such as PLCs, RTUs, HMIs, and DCS systems.
• Knowledge of the cyber kill chain and the MITRE ATT&CK framework (conceptual understanding rather than memorization), including common attacker techniques, supply chain attacks, ransomware operations, and various types of malware and their behaviors.