OT Security Engineer

Before you apply to a job, select your language preference from the options available at the top right of this page.

Explore your next opportunity at a Fortune Global 500 organization. Envision innovative possibilities, experience our rewarding culture, and work with talented teams that help you become better every day. We know what it takes to lead UPS into tomorrow—people with a unique combination of skill + passion. If you have the qualities and drive to lead yourself or teams, there are roles ready to cultivate your skills and take you to the next level.

Job Description:

Job Summary
This position participates in the identification, tracking, and monitoring of information security threats and service operations. He/She utilizes established processes and tools to focus on incident response, threat identification, analyses, and remediation. This position participates in the implementation and integration of risk management procedures. He/She supports the processes for technical and physical risk management to protect UPS’s information assets. This position may also possess a secondary skillset in Web Development and secure programming methodologies. He/She identifies opportunities where automation or development may aid in the Security Analyst role. This position reviews code from a UPS or Vendor product and determine its function and purpose, or work with an API to retrieve data from an Application/Vendor. He/She must be familiar with the following: .Net, C++, PowerShell, SQL Server/SSIS and tools used to design and implement these programmatic solutions (Visual Studio, SSMS, Burp, VMWare, etc.).

Key Responsibilities:

Policy & Procedure Development:

• Develop and Implement OT Security Policies: Create policies and define framework for access control, incident response, business continuity, data security, and change management.

• Conduct Policy Reviews and Updates: Regularly review and update security policies and frameworks to address evolving threats and regulatory changes.

GRC Program Implementation & Management:

• Implement and Manage GRC Programs: Assist in implementing and managing GRC programs.

• Develop and Maintain GRC Metrics and Reporting: Establish and maintain metrics and reporting for GRC activities.

Communication & Training:

• Communicate Security Risks and Best Practices: Effectively communicate security risks and best practices to stakeholders.

• Develop and Deliver Security Awareness Training: Create and deliver training programs to raise security awareness among personnel.

• Provide Ongoing Support and Guidance: Offer continuous support and guidance on GRC-related matters.

Risk Management & Assessment:

• Develop Risk Management Frameworks: Assist in developing and implementing risk management frameworks tailored to specific OT needs, such as NIST Cybersecurity Framework, IEC 62443, or NERC CIP.

• Perform Risk Assessments: Conduct regular risk assessments to identify vulnerabilities in OT systems and implement risk mitigation strategies.

• Develop Risk Mitigation Strategies: Recommend and implement appropriate security controls and safeguards to mitigate identified risks.

Compliance & Auditing:

• Guide on Compliance Requirements: Assist in understanding and meeting relevant regulatory and industry standards (NIST CSF).

• Conduct Compliance Audits and Assessments: Assess compliance with relevant standards and regulations.

• Develop and Maintain Compliance Documentation: Assist in developing and maintaining necessary documentation to demonstrate compliance.

Consulting & Advisory Services:

• Provide Expert Advice on OT Security Issues: Offer expert advice and guidance on a range of OT security issues.

• Conduct Security Assessments and Gap Analyses: Perform assessments and analyses to identify security gaps.

• Recommend and Implement Security Improvement Plans: Suggest and implement plans to enhance security.

Key Skills:

• Deep understanding of OT security concepts, GRC frameworks, Standard policies, Controls framework, Business continuity planning, Disaster recovery, Incident response plan framework etc.

• Experience with GRC frameworks, methodologies, and tools.

• Excellent communication, presentation, and interpersonal skills.

• Strong analytical and problem-solving abilities.

• Ability to work independently and as part of a team.

• Relevant certifications: CRISC, CISA, CISM, CISSP, CompTIA

If you are passionate about OT security and have the expertise to drive our GRC initiatives, we encourage you to apply for this exciting opportunity.

Qualifications:

• Bachelor’s Degree or International equivalent

• Bachelor’s Degree in Computer Science, Information Security or related discipline - Preferred

• 2–3 years’ Linux & Windows experience, Information Security Controls, Internet Development Architecture & Design, and Technical Knowledge & Software

• 3-5 years’ Web/Application Development experience

• Investigative team player with big picture thinking

Other Criteria

• Job Grade: 20G

• Must be currently located in the same geographic location as the job or willing to relocate yourself - Required

• Last day to apply is 02/12/2025 11:59pm

Employee Type:

UPS is committed to providing a workplace free of discrimination, harassment, and retaliation.

Other Criteria:

UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/nationalorigin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law.

Basic Qualifications:

Must be a U.S. Citizen or National of the U.S., an alien lawfully admitted for permanent residence, or an alien authorized to work in the U.S. for this employer.