Job Description
OT Security Engineer
At Kenvue, we believe there is extraordinary power in everyday care. Built on over a century of heritage and propelled forward by science, our iconic brands—including NEUTROGENA®, AVEENO®, TYLENOL®, LISTERINE®, JOHNSON’S® and BAND-AID® —are category leaders trusted by millions of consumers who use our products to improve their daily lives.Our employees share a digital-first mindset, an approach to innovation grounded in deep human insights, and a commitment to continually earning a place for our products in consumers’ hearts and homes. We put people first, care fiercely, earn trust with science, and solve with courage – and have brilliant opportunities waiting for you. Join us in shaping our future-and yours!
This role will be within our Cyber organization, working at the intersection of business strategy, network engineering and cybersecurity technology products. It is a hybrid office-based and remote position in Bangalore, India with the workday to overlap at least 3 hours into the summit, NJ business day.
As the engineer of Operational Technology (OT) Security, you will be responsible for serving as a senior-level individual contributor in OT security through independent engineering and deployment of security capabilities. This role requires technical expertise in ICS, SCADA, and IIOT security standards and frameworks like NIST-800-53/82 and ISA/IEC-62443 as well as an understanding of networking principles, infrastructure, cloud environments, and system integration. As an OT security engineer, you are responsible for providing specialized cybersecurity support across the operational business segments . You will collaborate with multiple groups across security, engineering and architecture, and IT operations as well as other non-IT technology owners. Additionally, you will support the operation of OT security tools to ensure they address risk and threat to the company.
Specific responsibilities-
- Contribute to and execute the strategy, vision, and architecture of the OT security product
- Demonstrate an understanding of security standards (ICS/SCADA and IIOT) and underlying principles of networking, infrastructure, cloud, and system integration.
- Contribute to the creation of OT-ICS cybersecurity guardrails to ensure all OT architectures, solutions and technologies across the company are built using the secure-by-design methodology
- Utilize industry standards and frameworks (e.g., NIST-800-53/82, ISA/IEC-62443) to identify capabilities and technologies to provide enhanced cyber defenses
- Provide recommendations and plans to mitigate identified issues from OT/ICS cybersecurity risk assessments, and ICS vulnerability assessments
- Work with Business Groups to craft modernization plans for legacy equipment and technologies
- Partner with security and enterprise architects and engineers to identify and evaluate emerging technologies
- Deliver high quality work outcomes and customer service in a high-pressure, fast paced setting to meet company needs.
- Stay up-to-date with emerging threats and security technologies to ensure the network remains secure and resilient.
- Provide technical expertise, guidance and support to junior security analysts to enhance their skills and knowledge.
- Maintain accurate documentation of network security design, procedures and incidents for future reference and analysis.
Qualifications - Required
- A bachelor’s degree or equivalent by track-record of successful enterprise experience.
- 4-6 years of experience with a strong background in OT security, network design and architecture, and experience working in a GxP regulated environment.
- Advanced understanding of network fundamentals and network security design, including the ability to develop network illustrations for industrial automation and control systems
- Experience working with SCADA/modern SCADA, , PLC, EMS-including connected technologies. Experience should cover communication protocols, such as TCP/IP, Modbus, IEC 61850, OPC, OPC UA and PROFINET
- Application of leading security standards and best practice guidelines (e.g. NIST CSF, ISO27001-2013-2022, (ISA)/IEC 62443 series of standards, NIS regulations, CIS Benchmarks
- Leading awareness of IT/OT security trends and common vulnerabilities. Experience should cover how to develop pragmatic remediation solutions and/or fixes against an organization’s threat landscape and cyber risk profile
- Demonstrated understanding of OT/ICS critical infrastructure in the Consumer Health, or similar industry including an understanding of threats, vulnerabilities, attack paths and exploits in an OT/ICS environment
- Experience with selecting, designing, architecting, and deploying security technologies to an OT/ICS environment
- Strong leadership presence, influencing, collaboration, communication information-sharing and organizational skills.
- Proven track record of innovation and continuous improvement.
- Expert at working with virtual, and diverse global teams of varied backgrounds and cultural experiences.
- Excellent written and oral communication skills with experience communicating highly conceptual designs to executives, mid-level management, and peer engineers.
- Customer service orientation, eye for business value, and a bias for action.
- Exercises independent judgment, strong decision making and problem solving for key processes.
- Experience with zero trust architecture.
- Good Manufacturing Practices (GMP)- Understanding of GMP regulations and how they impact OT cybersecurity practices in manufacturing.
- Data Integrity- Knowledge of regulatory requirements for data integrity, such as those outlined by FDA 21 CFR Part 11 or EU Annex 11.
Qualifications - Preferred
- A strong track record of working in cyber security and industrial automation
- Familiarity with cloud and OT/ICS integration
- Certifications in security (GICSP,CISSP, ISA/IEC 62443 Cybersecurity Expert)
- Knowledge of GAMP 5 Framework
Primary Location
Asia Pacific-India-Karnataka-Bangalore
Job Function
Development
Job Qualifications
A bachelor’s degree or equivalent by track-record of successful enterprise experience.
