OT/ICS Security Analyst

Why join us? 

Our purpose is to design for the good of humankind. It’s the ideal we strive toward each day in everything we do. Being a part of MillerKnoll means being a part of something larger than your work team, or even your brand. We are redefining modern for the 21st century. And our success allows MillerKnoll to support causes that align with our values, so we can build a more sustainable, equitable, and beautiful future for everyone.

GENERAL PURPOSE

As an Operational Technology (OT) Security Analyst at MillerKnoll, you will help reduce enterprise risk by safeguarding industrial devices and processes from cyber threats. You will work closely with the Security Operations Center to monitor, analyze, and respond to security alerts and event related to the OT environment, consisting of devices such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human Machine Interfaces (HMIs), and Internet of Things (IoT) devices. You will collaborate directly with the greater Information Security team to ensure compliance with industry regulations, standards, and best practices, as well as educate employees on proper cyber hygiene. You will help guarantee the confidentiality, integrity, and availability of the organization’s critical infrastructure and aid in shaping strategies to reduce cyber risk.

ESSENTIAL FUNCTIONS

•    Act as a first responder to security events within the OT environment and coordinate with the greater organization to resolve cyber threats.
•    Provide timely detection and identification of possible attacks/intrusions and distinguish findings from benign activities.
•    Correlate incident data to identify specific vulnerabilities and make recommendations that enable prompt containment and remediation.
•    Collaborate closely with information technology, engineering, and manufacturing support teams to integrate cybersecurity controls into the OT environment and processes.
•    Provide technical summaries of findings in accordance with established reporting procedures.
•    Escalate and triage incidents that may cause an immediate impact to the organization.
•    Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify possible threats.
•    Perform event correlation to gain situational awareness and to determine the effectiveness of an observed attack.
•    Assist in the development and implementation of security policies and procedures, specifically those relevant to Operational Technology.
•    Track and document cyber incidents from initial detection through final resolution.
•    Assist in reducing risk by actively identify areas of non-compliance and making recommendations for improvement.

Additional Functions

•    Stay current with cybersecurity news and trends relevant to the business and industry as well as techniques to continuously improve OT security measures.
•    Participate in the information security on-call rotation, providing emergency support for security-related incidents.
•    Provide input into the development of security policies and procedures.
•    Interface with other business units such as Governance, Risk, and Compliance to communicate program status and overall security posture.
•    Promote a positive security culture through knowledge sharing, influences, and conduct.
•    Create and maintain role-specific documentation.
•    Participate in the Change Advisory Board (CAB).

Knowledge, Skills, and Abilities

•    Knowledge of the Purdue model or other data flow reference models.
•    Knowledge of system administration concepts for operating systems such as Unix/Linux, iOS, Android, and Windows operating systems, including those commonly used in OT environments.
•    Knowledge of cloud service models and cloud security best practices.
•    Knowledge of procedures used for documenting and querying reported incidents, problems, and events.
•    Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
•    Knowledge of OT/ICS secure system design for critical infrastructure, including concepts like network segmentation, access control, and system hardening.
•    Knowledge of auditing and logging procedures (including server-based logging).
•    Knowledge of common software applications and their associated vulnerabilities, including those specific to Operational Technology and Industrial Control Systems.
•    Knowledge of host-based security products and how they reduce exploitation.
•    Knowledge of approach, strategy, and structure of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis).
•    Knowledge of MITRE ATT&CK and similar cybersecurity frameworks.
•    Knowledge of what constitutes a “threat” to a network.
•    Skill of identifying, capturing, containing, and reporting malware.
•    Skill in using incident handling methodologies.
•    Skill in using security event correlation tools.
•    Skill in developing analytic approaches to problems and situations for which information is incomplete or where no precedent exists.
•    Ability to identify unusual activity amongst a defined baseline. 

QUALIFICATIONS

Education/Experience

•    Bachelor in Computer Science, Information Systems, Cybersecurity, or Software Engineering.
•    3+ years of relevant experience in cybersecurity or information technology.
•    3+ years of hands-on experience with Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems, or other OT devices.
•    Experienced in a scripting language such as Python, PowerShell, or VBA.
Licenses and Certifications
•    One or more technical or cybersecurity certification preferred (e.g., CISA, CCSP, CRISC, CEH, Security+, GSEC, SSCP)

Experienced in an OT security solution such as Claroty, Dragos, or Tenable OT.

Who We Hire?

Simply put, we hire everyone. MillerKnoll is comprised of people of all abilities, gender identities and expressions, ages, ethnicities, sexual orientations, veterans from every branch of military service, and more. Here, you can bring your whole self to work. We’re committed to equal opportunity employment, including veterans and people with disabilities.

This organization participates in E-Verify Employment Eligibility Verification. In general, MillerKnoll positions are closed within 45 days and are open for applications for a minimum of 5 days. We encourage our prospective candidates to submit their application(s) expediently so as not to miss out on our opportunities. We frequently post new opportunities and encourage prospective candidates to check back often for new postings.

MillerKnoll complies with applicable disability laws and makes reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact MillerKnoll Talent Acquisition at  careers_help@millerknoll.com.