Share this Job

Operations Technology Security Analyst

Date: Sep 9, 2022

Location: Nashville, WI, US, 37228

Company: A. O. Smith Corporation

Company / Location Information

We are one of the world’s leading manufacturers of water heating and water treatment technologies in the world. We are a $3.5 billion company with 140+ years history and we employ more than 12,000 individuals globally who pride themselves on providing the world with innovative water technology. We are committed to Continuous Improvement, not just in our factories or processes, but in our people.

Primary Function

The primary focus of the Operations Technology (OT) Security Engineer is to support support and implement the goals of our OT security program. This position requires a solid understanding of IT and OT network communication protocols, experience implementing the Purdue model reference architecture, and the ability to perform packet analysis. In addition, this position requires an understanding of application, perimeter, and zone-based firewall solutions. Good communication and interpersonal skills are also of utmost importance.

Responsibilities

  • Serve as liaison between Manufacturing site team members and the Global Information Security team
  • Develop cybersecurity technology implementation strategies for OT environments with clear understanding of the differences between IT and OT (e.g. Anti-virus on HMIs, application whitelisting, network isolation strategies, etc.).
  • Develop OT cybersecurity reference architectures, standards, and guidelines for ICS systems and networks.
  • Develop risk mitigation plans, recommend solutions, and provide expertise to assure more resiliency for OT networked environments, assets, and sites.
  • Establish OT cybersecurity operations, maintenance, and monitoring of networked environments.
  • Demonstrate knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies within ICS environments.
  • Develop OT cybersecurity training and awareness program.
  • Understanding of ICS design considerations with emphasis on human safety and the availability/security of operating environment.
  • Collaborate with peers to identify new innovations, capabilities, and solutions that improve the security posture of the OT environment.
  • Understanding of infrastructure and network architecture and design, LAN/WAN implementation, and Windows environments (familiarity with Linux is a plus).
  • Participate in risk management activities to ensure proper risk levels are achieved.
  • Ensure security compliance with regulations and contractual obligations.
  • Perform hardware and software security risk assessments.
  • Partner with technical and business teams to design, implement, monitor, and maintain security controls.
  • Participate in the creation and maintenance of IT/OT security-related policies/ procedures.
  • Act as a resource to other IT departments seeking security-related advice or information.
  • Participate in external/internal penetration testing, including remediation and follow-up action plans.
  • Perform other duties as assigned.

Role Specific Responsibilities

  • Lead and assist in IT security incident management activities
  • Perform daily cadence of monitoring, reacting, and triaging malicious events
  • Identify security vulnerabilities and threat vectors, and identify/monitor/manage solution implementation
  • Coordinate security patch management, vulnerability scans, reporting and remediation follow-up with system owners
  • Develop and maintain ongoing process to remove unlicensed or unauthorized software
  • Provide side by side coaching for less experienced Security analysts
  • Monitor security process compliance of internal and third-party users
  • Provide consultation and advice to legal counsel and business leaders
  • Facilitate implementation of business-friendly solutions that insure the confidentiality, integrity and availability of A.O. Smith data
  • Participate in security related projects as applicable

Qualifications

  • Bachelor of Science/Bachelor of Art degree required, preferably in Computer Science, Information Systems, or Manufacturing Engineering
  • 8+ years of experience supporting information security
  • Experience with deploying processes and technology consistent with the Purdue model
  • Understanding of operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)
  • Experience in troubleshooting system integration issues and working with security, network, and ICS technologies to implement secure solutions
  • Familiarity of the threats, vulnerabilities, exploits in ICS environments, and appropriate mitigation techniques
  • Knowledgeable with security control frameworks such as NIST CSF, CIS Controls
  • Ability to be a member of an on-call team

We Offer

Competitive compensation package and comprehensive benefit plans which include medical and dental insurance, company-sponsored life insurance, retirement security savings plan, short- and long-term disability programs and tuition assistance.


Nearest Major Market: Nashville

Job Segment: Operations Manager, Testing, Wastewater, Water Treatment, Cyber Security, Operations, Technology, Engineering, Security