We are seeking a professional to fill the position of Industrial Control System (ICS) Security Analyst in our Information Risk Management department.
The individual will have responsibilities in three areas dealing with ICS security: Governance; Architecture and Risk Assessments; and Incident Response. The ideal candidate will have experience in both information security and automation technologies, and fluently understand the differences between each field. The individual must be comfortable working in a geographically-dispersed team and capable of 25% travel. Responsibilities:
Required Knowledge / Skills, Education and Experience:
- Review current and future logical and physical network, system, and process designs for security concerns.
- Write, review, and maintain documents, policies, and standards governing the security operations and security considerations of manufacturing equipment and networks.
- Monitor and analyze information from security technologies such as firewall logs, IDS/IPS, patch management systems, anti-virus and anti-malware systems, access control systems, and other related security technologies.
- Be able to reasonably identify security or security-related events from a combination of systems, tools, and self-driven analysis.
- Work with manufacturing SMEs and plant staff to review abnormal network traffic and other events to rule-out security issues as a root cause.
- Lead and execute risk based methodologies for security assessments of ICS systems, both remote and physically on-site.
- Development and execution of ICS security training course curriculums, and building training material and activities as needed.
- Provide analysis to management regarding security trends.
- Create technical design documentation and write technical reports for both technical and management consumption and understanding.
- Be primary ICS security liaison for a geographical area. Build a full understanding of the systems, designs, and processes in place at the locations within geographical responsibility. In conjunction with other team members, provide input and expertise on systems, designs, and processes in place at locations outside of primary responsibility.
Preferred Knowledge / Skills, Education and Experience:
- Bachelor's or Master's Degree in Computer Engineering, Electric Engineering, Computer Science, Information Security or a related technical field with appropriate professional experience of 5+ years
- Acute understanding of differences between IT and OT networks, systems, designs, and approaches.
- Experience in the capabilities and/or configuration of cyber security controls.
- Familiarity with automation technologies and protocols, such as CIP, EtherNet/IP, Modbus, DNP3.
- Strong technical writing capabilities.
- Strong desire to question status-quo and think outside the box.
Leadership Behaviors:DRIVE INNOVATION
- Experience with SIEM, IDS/IPS and/or forensic analysis
- Well rounded automation and/or process knowledge including but not limited to: DCS, SCADA, Historian, Batch, HMI, and PLC
- CISSP or similar certification a strong plus
- Strong experience with cyber security vulnerability assessments, penetration tests, and the tools/techniques involved in both.
- Experience in assessing ICS environments for security vulnerabilities.
- Software development experience with one or more languages such as Python, PHP, JS, Ruby, C++, etc.
: Generate new or unique solutions and embrace new ideas that help sustain our business (encompassing everything from continuous improvement to new product and package innovation). COLLABORATE WITH SYSTEM, CUSTOMERS, AND OTHER STAKEHOLDERS
: Develop and leverage relationships with stakeholders to appropriately stretch and impact the System (Company and Bottler). ACT LIKE AN OWNER
: Deliver results, creating value for our brands, our System, our customers and key stakeholders. INSPIRE OTHERS
: Inspire people to deliver our mission and 2020 Vision, demonstrate passion for the business and give people a reason to believe anything is possible. DEVELOP SELF AND OTHERS
: Develop self and support others' development to achieve full potential.
Honesty and integrity have always been cornerstone values of The Coca-Cola Company. Our passion for people of integrity mirrors our spirited drive for total quality in our brands. These and other elements allow the company to sustain strategic practices and drive business performance. The Personnel Integrity Assurance Program is another step toward making The Coca-Cola Company the premier workplace. This process includes a pre-employment background investigation that applies to all applicants employees and contractors of the company. The scope of this inquiry may cover such elements as education employment history a criminal history check reference checks and a pre-employment drug screen. Designated countries or sensitive positions within the company may have more stringent standards.
At The Coca-Cola Company you can cultivate your career in a challenging and dynamic environment. We are the largest manufacturer and distributor of nonalcoholic drinks in the world-selling more than 1 billion drinks a day. Unlock your full potential with a future-focused company that is known and respected throughout the world.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.
Back to top
A little about us:
Coca-Cola’s success would not be possible without the world’s best employees. We invite you to challenge yourself, join us and prosper.