Introduction
IBM CIC delivers technical and industry expertise across public and private sectors, helping clients transform their hybrid cloud and AI journeys.
Role Overview
As a Senior Security Consultant specializing in Operational Technology (OT) & Industrial Security, you will protect critical national infrastructure, industrial control systems, and safety‑critical operational environments.
Key Responsibilities
* Assess OT/ICS security posture, including network architecture, access pathways, remote access, asset visibility, and control system exposures.
* Design and implement secure architectures for industrial networks, including segmentation, zoning/conduits, DMZ patterns, and secure access to SCADA, PLC, and DCS environments.
* Conduct risk assessments and threat modelling tailored to OT environments, ensuring alignment with NIS/NIS2, IEC 62443, NCSC CAF, and other industry frameworks.
* Integrate and uplift monitoring and logging across OT/ICS systems, supporting improved event visibility, anomaly detection, and incident response readiness.
* Support incident response for OT environments, including containment strategies, recovery planning, and coordination across operations, engineering, and security teams.
* Collaborate with engineering, plant operations, and vendor teams to embed secure‑by‑design principles into industrial systems, upgrades, and transformation programmes.
* Advise on OT‑specific vulnerabilities, patch management constraints, compensating controls, and risk‑based prioritisation suited to safety‑critical environments.
* Design secure remote access and vendor connectivity models, balancing operational requirements with robust authentication and segmentation controls.
* Guide clients through regulatory alignment, including NIS/NIS2, CAF assessments, audit preparation, and sector‑specific compliance expectations.
* Deliver workshops and technical briefings, translating complex OT security risks into clear, actionable, business‑aligned recommendations.
Required Education
None
Preferred Education
Bachelor’s Degree
Required Technical and Professional Expertise
* Hands‑on experience securing OT/ICS environments, including SCADA, PLCs, DCS, HMIs, and industrial networking components.
* Understanding of industrial protocols such as Modbus, DNP3, OPC, Profinet, BACnet, or equivalent.
* Strong knowledge of OT network architecture, including zoning, conduits, segmentation, DMZ patterns, firewalling, and secure remote access.
* Experience with industrial security frameworks such as IEC 62443, NIS/NIS2, NCSC CAF, NIST 800‑82, or sector‑specific regulatory guidance.
* Ability to perform OT‑specific risk assessments, threat modelling, and safety‑aligned security reviews.
* Exposure to OT‑friendly logging, monitoring, and anomaly detection approaches, including integration into SIEM/SOC ecosystems.
* Experience collaborating with OT engineers, plant operators, safety teams, and vendors, understanding both operational and technological constraints.
* Knowledge of compensating controls for unpatched or legacy OT assets, and practical approaches for risk reduction without system downtime.
* Understanding of OT remote access patterns, vendor maintenance pathways, MFA enforcement, and secure jump‑host/terminal server models.
* Consulting experience, including stakeholder engagement, requirements gathering, documentation delivery, and presenting risk‑based recommendations.
Preferred Technical and Professional Experience
* Experience securing OT systems in energy, utilities, transport, chemicals, manufacturing, or CNI sectors.
* Hands‑on exposure to OT monitoring tools or industrial detection platforms (e.g., Nozomi, Dragos, Claroty, Tenable.ot).
* Experience supporting CAF or NIS/NIS2 assessments, or leading remediation programmes against these frameworks.
* Knowledge of industrial wireless, safety systems (SIS), or building management systems (BMS) security considerations.
* Certifications such as GICSP, GRID, IEC 62443 qualifications, or vendor‑specific OT security training.
* Experience integrating OT telemetry into SOC/SIEM environments, with an understanding of constraints around logging, latency, and data sensitivity.
* Exposure to IoT and IIoT security, including device onboarding, identity, firmware assurance, and edge gateway security.
* Experience delivering secure‑by‑design guidance during IC upgrades, modernisation, or cloud‑connected industrial programmes.
Benefits
* Many training opportunities from classroom to e‑learning, mentoring and coaching programs and the chance to gain industry‑recognised certifications.
* Regular and frequent promotion opportunities to ensure you can drive and develop your career with us.
* Feedback and checkpoints throughout the year.
* Diversity & Inclusion as an essential component of our culture through our policies and support networks.
* A culture where your ideas for growth and innovation are always welcome.
* Internal recognition programs for peer‑to‑peer appreciation.
* Tools and policies to support your work‑life balance from flexible working approaches, sabbatical programmes, paid paternity leave, maternity leave and an innovative maternity returners scheme.
* More traditional benefits, such as 25 days holiday (in addition to public holidays), private medical, dental & optical cover, online shopping discounts, an Employee Assistance Program, life assurance and a group personal pension plan of an additional 5% of your base salary paid by us monthly.
Work Environment
This role requires eligibility for UK Government security clearance. Candidates who already hold clearance (SC or DV) are encouraged to apply, but we will fully consider applicants who meet the eligibility criteria and can obtain clearance.
Other Relevant Job Details
IBM wants you to bring your whole self to work. If you are interested in a flexible working pattern, please talk to our recruitment team to find out if this is possible in the current working environment.
Equal Opportunity Employer
IBM is proud to be an equal‑opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
J-18808-Ljbffr