Position OverviewAs a Vulnerability Management & Cybersecurity Analyst, you will be responsible for safeguarding both IT and OT systems in one of the most critical industries. Your focus will be on identifying, assessing, prioritizing, and remediating vulnerabilities across both networks, while contributing to broader cybersecurity initiatives, such as threat detection, incident response, and security compliance. You will work with advanced tools like Tenable and Nozomi Networks to ensure that potential threats are managed proactively and that our cybersecurity posture remains robust and resilient.Key ResponsibilitiesVulnerability ManagementVulnerability Assessments: Perform regular vulnerability scans using Tenable and Nozomi Networks, covering both IT and OT environments, including SCADA, PLCs, and other ICS systems.Risk Prioritization: Assess vulnerabilities based on risk impact, exploitability, and criticality to business operations.Remediation Management: Collaborate with IT and OT teams to ensure vulnerabilities are patched or mitigated within defined timelines.Lifecycle Management: Track vulnerabilities from identification to remediation, ensuring a continuous improvement process.Patch ManagementEnsure timely and safe application of patches in IT and OT systems, working closely with system administrators and OT engineers.Propose compensating controls where patching is not feasible, particularly in OT environments where uptime is critical.Threat Correlation & PrioritizationLeverage threat intelligence to correlate vulnerabilities with active and emerging threats, ensuring swift mitigation of high-risk vulnerabilities.Security Monitoring & Incident ResponseMonitor SIEM, IDS/IPS, and network security tools for signs of potential security threats.Analyze logs and network data to detect suspicious behavior and threats across IT and OT environments.Participate in incident response activities, helping to mitigate active exploits and vulnerabilities.Security Risk Assessments & ComplianceConduct security risk assessments to identify weaknesses in IT and OT systems.Collaborate with business units to evaluate security risks from new technologies, applications, or infrastructure changes.Ensure compliance with relevant industry standards and frameworks such as NIST SP 800-82, ISA/IEC 62443, and ISO 27001.Access Control & Security GovernanceManage and monitor access control for IT and OT systems, ensuring that access rights are aligned with business needs.Contribute to the development and enforcement of security policies that align with industry regulations, such as POPIA, GDPR, and sector-specific guidelines for oil and gas.Skills & QualificationsTechnical SkillsExpertise in Tenable and Nozomi Networks for vulnerability scanning and monitoring.Proficiency in IT and OT network security, including protocols and architectures common in ICS/SCADA environments.Strong knowledge of incident response platforms, network firewalls, VPNs, and endpoint security.Familiarity with security frameworks and standards, including NIST SP 800-53, ISO 27001, and ISA/IEC 62443.Experience3-5 years of experience in cybersecurity, with a focus on vulnerability management, security monitoring, and incident response in IT and OT environments.Prior experience in the oil and gas industry, particularly in securing ICS/SCADA systems.Demonstrated experience managing security incidents and mitigating risks.Preferred CertificationsTenable Certified EngineerCertified Vulnerability Assessor (CVA)Offensive Security Certified Professional (OSCP) or Certified Penetration Testing Professional (eCPTP)Certified Information Systems Security Professional (CISSP)GIAC Global Industrial Cyber Security Professional (GICSP)Soft SkillsStrong analytical thinking and problem-solving capabilities.Excellent communication skills to engage with both technical and non-technical stakeholders.Proven ability to manage complex security challenges and work collaboratively with cross-functional teams.
