Saudi Aramco Careers

ICS Cybersecurity Specialist

Saudi Arabia
information technology


Job Description

Requisition ID: 1441701

Req Number: 17384BR

Position Description:
We are seeking an ICS Cybersecurity Specialist to join the Security Intelligence Center Division (SICD) of the Information Protection Department (IPD).

The Security Intelligence Center Division is responsible for providing the defense of Saudi Aramco systems and networks against worldwide adversaries. In addition, with the continued evolution of SICD and the need for adapting to the emerging adversaries/APT groups, dynamic threat landscape, and increased regional and global risk, SICD requires individuals with data science and cybersecurity experience and expertise.

Your primary role is to identify, analyze, and assess ICS cybersecurity defense-related problems and provide solutions as the ICS Cybersecurity Specialist technical lead and subject matter expert. You will protect industrial networks and ICS/SCADA systems. You will combine industry-leading security technologies and intelligence to deliver incident monitoring, response, and threat modeling for Saudi Aramco within the Industrial Control Systems space.

The risk profile of controls systems is continually changing as Operational Technology (OT) and IT networks become increasingly interconnected. The changing risk profile increases Saudi Aramco's need to assist in preventing, detecting, responding to, and recovering from cybersecurity incidents involving control systems. Additionally, the role includes exposing threats targeting power plants and other control systems. Be part of team to develop innovative analytics for detection, support investigations, and incident response solutions.

Minimum Requirements:
As the successful candidate, you will hold a bachelor’s degree in Computer Science, Computer Engineering, or an equivalent degree from a recognized and approved program. An advanced degree is preferred in a related Computer Science, Cybersecurity, Autonomic Computing, or Data Informatics field.

You will have at least 10 years of experience in IT, including at least 5 years in ICS/OT related to incident monitoring and response.

Technical skills
Have hands-on experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, RTUs, HMI, and Distributed Control Systems (DCS).

Well-versed in various control frameworks, including: IEC62443, NERC CIP, and NIST.

Fundamental understanding of IT and OT network communication protocols (e.g., TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.).

Familiarity with Unix and Windows operating systems and administrative tools.

Ability to document and explain technical details in a concise and understandable manner.
Self-motivated and results focused with an ability to strengthen the team and its mission.

Global Industrial Cybersecurity Professional (GICSP), Certified SCADA Security Architect (CSSA), or

Certified Information Systems Security Professional (CISSP) Certifications a plus.


Nontechnical skills

Technical writing and reporting

Verbal and nonverbal communication

Presentation and information delivery

Time management and prioritization

Duties & Responsibilities:
You will be required to perform the following:

Act as a subject matter expert (SME) on ICS matters.

Conduct log analysis, and host and network analysis, in support of incident response investigations.

Work with IT and OT client staff to conduct thorough investigations and implement effective remediation strategies.

Recognize attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied in current and future investigations.

Hunt for active threats and malicious activity within control systems and identify possible attack vectors.

Develop comprehensive and accurate reports and presentations for both technical and executive audiences.

Conduct tabletop exercises based on firsthand knowledge of real world attacks to help organizations better prepare for future attacks.

Effectively communicate investigative findings and strategy to client stakeholders, including technical staff, executive leadership, and legal counsel.

About us:
The Engineering & Project Management (E&PM) business line studies, plans and oversees the construction of the Company’s new facilities, including some of the biggest and most complex projects in the petroleum industry. Recently, Saudi Aramco completed the largest capital program in its history that included new or expanded oil, gas and petrochemical facilities, raising maximum sustainable crude oil production capacity to 12 million barrels per day and significantly increasing gas production and processing capacities. Among the recently completed projects was the largest crude oil increment in the history of the industry: Khurais, with a production capacity of 1.2 million barrels per day. More challenges lie ahead, with a slate of new or expanded oil, gas, refining and petrochemical projects in the works. E&PM also manages the Company’s Research & Development Center where scientists investigate topics such as the desulfurization of crude oil, advanced fuel formulations for next generation combustion engines, and reservoir nano-scale robots (Resbots™) for injection into reservoirs to record their properties.