Cyber Security Engineer IT/OT

Information Technology Suzhou, China


Description

Position at Logitech

The Role:

The Cyber Security Engineer IT/OT is responsible for design, implementation and support of security tools for both IT and OT environments. The role also includes the review of design and architectural documentation, remediation of infrastructure vulnerabilities, and educational outreach to other teams (such as partnerships with Compliance, Legal, Operations, and other organizations within the company). 

The role is based in Suzhou, where Logitech has its biggest factory, and will require close collaboration with IT staff and control systems experts.

This role will report directly to the Head of Cybersecurity and Network at Logitech. As a member of the team, you will take part in designing and implementing key security controls and monitoring technologies for company-wide initiatives. 

Your Contribution:

Be Yourself. Be Open. Stay Hungry and Humble. Collaborate. Challenge. Decide and just Do. These are the behaviors you’ll need for success at Logitech. In this role you will:

  • Assess security risks in the IT and OT environments, provide mitigation strategies to improve network, system and application security.

  • Design and build enterprise-class security systems for both production and corporate environments.

  • Design and review network security architecture including firewalls, WAFs, network segmentation, VLANs, VPNs.

  • Ensure the secure integration of production key management systems

  • Work with IT, control system experts and business partners to ensure that security is included in the evaluation, selection, installation and configuration of all hardware and software.

  • Create solutions that enhance cloud security using available cloud controls/products, third party products, and/or custom-developed systems.

  • Review and approve security architecture for new projects or changes to existing systems.

  • Design and implement security solutions, including continuous monitoring and making improvements to those solutions:

    • SIEM product such as LogRhythm.

    • Network Access Control systems and policy - Cisco ISE, ForeScout, switches, wireless AP.

  • Participate in security incident response in IT and OT environments through all phases.

  • Assist in responding to audits, penetration tests and vulnerability assessments.

  • Advise on any OT security matter.

  • Assist in the review and update of security policies, architectures and standards.

  • Act as a liaison between operations and the security team.

Key Qualifications:

For consideration, you must bring the following minimum skills and behaviors to our team:

  • Minimum of 3-5 years of relevant system and/or network security experience.

  • BS in Engineering or Science plus 3 years of experience in OT/Cyber Security in ICS/SCADA/OT environments.

  • Strong experience working with industrial automation and control systems (PLC, DCS, SCADA); systems design, integration and testing

  • Knowledge of IT and OT security best practices and understanding of the differences.

  • Broad knowledge across multiple domains including web applications, database technologies, server applications, storage applications, hardware engineering, business intelligence, test/QA engineering, deployment operations.

  • Knowledge in security engineering, security threat analysis.

  • Experience securing/operating large hardened Linux, Windows System Administration.

  • Ability to identify and prioritize risks to the business appropriately.

  • Knowledge of security tool sets including key management systems, firewalls, muti-factor authentication, intrusion detection systems.

  • Comprehension of network security and related technologies including intrusion detection and prevention, WAF, NGFW, DMZ design, network segmentation.

  • Knowledge of deploying, configuring, or administering cloud-based environments, with special attention to security.

  • English fluency.

  • Strong communication skills, especially explaining security issues to diverse audiences; excellent written skills.

  • Positive attitude to developing and improving the way things are done, working in collaboration with others.

  • Driving a culture of continuous improvement within own work and the work of others.

  • Strong critical thinking and analytical skills.

  • Leadership experience for security projects involving multi-disciplined teams.

In addition, preferable skills and behaviors include:

  • Security considerations of cloud computing including data breaches, broken authentication, account misconfiguration, account hijacking, malicious insiders, third parties, APTs, data loss, and cloud security standard methodologies.

Logitech is the sweet spot for people who are passionate about products, making a mark, and having fun doing it. As a company, we’re small and flexible enough for every person to take initiative and make things happen. But we’re big enough in our portfolio, and reach, for those actions to have a global impact. That’s a pretty sweet spot to be in and we’re always striving to keep it that way.

 “All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.”