OT/ICS Security Analyst at MillerKnoll – MI – Zeeland Mainsite Computer Center

Why should you join us?

Our purpose is to design for the good of humanity. It’s the ideal we strive for every day in everything we do. Being part of MillerKnoll means being part of something bigger than your work team or even your brand. We’re redefining modern for the 21st century. And our success allows MillerKnoll to champion causes that align with our values, so we can build a more sustainable, fair, and beautiful future for everyone.

GENERAL PURPOSE

As an Operational Technology (OT) Security Analyst at MillerKnoll, you will help reduce business risk by protecting industrial equipment and processes from cyber threats. You will work closely with the Security Operations Center to monitor, analyze, and respond to security alerts and events related to the OT environment, which includes devices such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human Machine Interfaces (HMIs), and Internet of Things (IoT) devices. You will collaborate directly with the larger Information Security team to ensure compliance with industry regulations, standards, and best practices, and educate employees on proper cyber hygiene. You will help ensure the confidentiality, integrity, and availability of the organization’s critical infrastructure and help shape strategies to reduce cyber risk.

ESSENTIAL FUNCTIONS

• Act as the first responder to security incidents within the OT environment and coordinate with the broader organization to address cyber threats.
• Ensure timely detection and identification of potential attacks/intrusions and distinguish them from benign activity.
• Correlate incident data to identify specific vulnerabilities and make recommendations that enable rapid containment and remediation.
• Work closely with IT, engineering, and production support teams to integrate cybersecurity controls into the OT environment and processes.
• Provide technical summaries of findings in accordance with established reporting procedures.
• Escalate and triage incidents that could have a direct impact on the organization.
• Perform log analysis from various sources (for example, individual host logs, network traffic logs, firewall logs, and intrusion detection system logs) to identify potential threats.
• Perform event correlation to gain situational awareness and determine the effectiveness of an observed attack.
• Assist in the development and implementation of security policies and procedures, particularly those relevant to operational technology.
• Track and document cyber incidents from initial detection to final resolution.
• Help reduce risks by actively identifying areas of non-conformance and making recommendations for improvement.

Additional functions

• Stay up to date on cybersecurity news and trends relevant to business and industry, as well as techniques to continually improve OT security measures.
• Participate in the information security on-call service and provide emergency support for security-related incidents.
• Provide input into the development of security policies and procedures.
• Collaborate with other business units, such as Governance, Risk and Compliance, to communicate program status and overall security posture.
• Promote a positive safety culture through knowledge sharing, influence and behavior.
• Create and manage role-specific documentation.
• Participate in the Change Advisory Board (CAB).

Knowledge, skills and abilities

• Knowledge of the Purdue model or other data flow reference models.
• Knowledge of system management concepts for operating systems such as Unix/Linux, iOS, Android and Windows, including those commonly used in OT environments.
• Knowledge of cloud service models and cloud security best practices.
• Knowledge of procedures used to document and retrieve reported incidents, problems and events.
• Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
• Knowledge of secure OT/ICS system design for critical infrastructure, including concepts such as network segmentation, access control and system hardening.
• Knowledge of auditing and logging procedures (including server-based logging).
• Knowledge of common software applications and their associated vulnerabilities, including those specific to operational technology and industrial control systems.
• Knowledge of host-based security products and how they reduce abuse.
• Knowledge of the approach, strategy and structure of exploitation tools (e.g. sniffers, keyloggers) and techniques (e.g. gaining backdoor access, collecting/exfiltrating data, performing vulnerability assessments).
• Knowledge of MITRE ATT&CK and similar cybersecurity frameworks.
• Knowledge of what constitutes a ‘threat’ to a network.
• Proficiency in identifying, capturing, containing and reporting malware.
• Proficiency in using incident handling methodologies.
• Proficiency in using security event correlation tools.
• Ability to develop analytical approaches to problems and situations for which information is incomplete or for which there is no precedent.
• Ability to identify unusual activities within a defined baseline.

QUALIFICATIONS

Education/Experience

• Bachelor’s degree in computer science, information systems, cyber security or software engineering.
• 3+ years of relevant experience in cybersecurity or information technology.
• 3+ years of hands-on experience with Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems, or other OT devices.
• Experience with a scripting language such as Python, PowerShell or VBA.

Licenses and Certifications

• One or more technical or cybersecurity certifications preferred (e.g., CISA, CCSP, CRISC, CEH, Security+, GSEC, SSCP).

Experience with an OT security solution such as Claroty, Dragos or Tenable OT.

Who do we hire?

Simply put, we hire everyone. MillerKnoll is made up of people of all abilities, gender identities and expressions, ages, ethnicities, sexual orientations, veterans from all branches of military service, and more. Here, you can bring your whole self to work. We are committed to equal employment opportunity, including veterans and people with disabilities.

This organization participates in E-Verify Employment Eligibility Verification. Generally, MillerKnoll positions are closed within 45 days and are open for applications for a minimum of 5 days. We encourage our potential candidates to submit their application(s) promptly so they do not miss our opportunities. We post new opportunities regularly and encourage potential candidates to check back often for new openings.

MillerKnoll complies with applicable disability laws and makes reasonable accommodations for applicants and employees with disabilities. If a reasonable accommodation is needed to participate in the application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact MillerKnoll Talent Acquisition at [email protected].
