Operational Technology (OT) Cyber Security Engineer/Analyst

Please note that this is a hybrid position.

Do you want to experience the essence of a large organization in a company with a personal touch? Come and work with us! We are looking for creative, innovative, and collaborative people like you to join our team.

Take your ambitions to the next level

Alithya currently has an opening for an Operational Technology (OT) Cyber Security Engineer/Analyst. You will work on technically challenging and interesting projects, mostly within the nuclear industry. You have strong technical skills and excellent spoken and written communication skills. You are comfortable in client-facing situations, are results-driven and flexible, take ownership of tasks, and enjoy variety in your work.

• Perform GRC activities for OT systems, including:

  • Perform gap analysis and traceability;

  • Audit/create governance;

  • Identify and classify cyber essential assets (CEA);

  • Assess/implement cyber security controls for CEAs;

  • Develop cyber security training material/conduct organizational training;

  • Present analysis findings to client managers/stakeholders.

• Conduct HTRAs, including:

  • Develop assessment methodology and tools;

  • Conduct analysis and risk identification for cyber security assets/asset groups.

• Participate in cyber security R&D activities, including software and hardware development;

• Contribute to sales initiatives, including attending conferences, writing proposals, estimating, and meeting with potential clients;

• Contribute to the departmental cyber security strategy;

• Prepare and review technical documentation;

• Provide support for, and meet with clients;

• Work as a member of a team in a project-based environment;

• Some travel to client sites is expected.

When it just clicks!

Does this sound like you?

• At least three years of experience working in the field of cyber security or a post-secondary degree in computer science, engineering, information security, or any related field;

• Excellent spoken and written communication skills;

• Comfortable in client-facing environments;

• In-depth knowledge of OT systems/technologies and their attack vectors;

• Experience in Network Architecture and basic networking concepts (OSI model, TCP/IP, application protocols, networking technology);

• Knowledge of information security controls and principles;

• Knowledge of applicable standards – NERC CIP, NIST CSF, ISA/IEC 62443, ISO 27001;

• Experience authoring technical documentation.

Additional Qualifications:

• Professional Engineer designation in Ontario would be an asset;

• Experience in the Canadian nuclear industry would be an asset;

• Cyber security-specific certifications would be an asset (e.g., Security+, CISSP, GSEC, ISA/IEC 62443 certificates, etc.);

• Experience with Governance, Risk, and Compliance (GRC) as it relates to cyber security, including CSA N290.7, would be an asset;

• Experience with Harmonized Threat and Risk Assessment (HTRA) methodology would be an asset.