Senior Cyber Security Engineer

SENIOR CYBER SECURITY ENGINEER

Our client, a Major Oil and Gas Operator is seeking an experienced Cyber Security Engineer. This is a core PAYE contract role initially until 30 November 2025 with extensions and potentially going staff in the future.

REPORTS TO: Cyber Security Manager

CONTEXT:

Cybersecurity Definition: Cybersecurity measures protect Industrial Automation and Control Systems (IACS) against threats from accidental circumstances, actions/events, or deliberate attacks.

Threat Origins: Threats can originate from the internet, corporate networks, maintenance activities, software upgrades, and unauthorized access, potentially leading to major health, safety, or environmental incidents.

Business Risk: Disruption to business, with cybersecurity as a potential cause, is identified as one of the top two risks for the client.

MAIN ACTIVITIES:

Implement Critical Requirements: Ensure compliance with CR GR SSI 001, CR GR SSI 023, GS EP INS 135, and L2-OPS-17-001 across all assets.

Incident Management: Review, investigate, mitigate, and resolve cybersecurity incidents, anomalies, and threats promptly.

Cyber Security Road Map: Assist in delivering key activities and act as a delegate for the Lead Cyber Security Engineer during absences.

Risk Analysis: Participate in asset cyber risk analysis and develop procedures and documentation for cybersecurity management.

Compliance: Ensure stakeholders comply with client cybersecurity requirements and carry out UK government cybersecurity self-assessment reports.

Solution Support: Roll out HQ security solutions, including administration and troubleshooting.

Audits: Conduct site audits, recommend improvements, and track actions to completion.

Vulnerability Management: Manage the client industrial cybersecurity vulnerability process and ensure timely patching.

Training: Develop and maintain industrial cybersecurity training materials and competence procedures.

Emergency Response: Create and maintain cyber emergency and incident response plans.

Project Involvement: Ensure cybersecurity requirements are captured in new projects and modifications.

Culture Promotion: Promote a positive cybersecurity culture and participate in annual events and presentations.

Innovation: Support the design and rollout of safer architecture solutions and stay updated on emerging technologies.

Reporting: Produce reports to monitor cybersecurity progress and communicate findings to stakeholders.

Vendor Coordination: Coordinate with third parties and vendors during cybersecurity incidents and carry out post-incident investigations.

SPECIFIC REQUIREMENTS:

Essential Qualifications/Knowledge Required:

Education: Relevant degree in Instrumentation and Controls, Computer Science, or Cyber Security.

Experience: Prior relevant industry experience.

Knowledge: Understanding of offshore operations, project management, and UK industry regulations.

Expertise: In-depth understanding of IEC/ISA 62443 and OG-86.

Management Skills: Experience managing contractors, vendors, and service providers.

Communication: Effective communicator, both written and verbal.

Relationship Building: Strong relationship-building skills at all levels - internally and externally.