Việc làm này đã được thêm vào mục Việc làm đã lưu.
Bạn đã lưu tối đa 20 việc làm. Nếu bạn muốn lưu mới, hãy cập nhật Việc làm đã lưu.
3 Lý do để gia nhập công ty
- Môi trường đẩy nhanh phát triển năng lực
- Nơi quy tụ nhân tài người Việt trên toàn cầu
- Văn hóa thành công, đề cao sáng kiến
Mô tả công việc
The OT Security Engineer is responsible for securing the airport's operational technology — baggage handling, building management, fire-safety interfaces, physical access control, CCTV, and supporting industrial systems — from design review through commissioning and into operations. Working on the owner's team, the role reviews and challenges the designs delivered by the systems integrator and M&E contractors, verifies security evidence before acceptance, and represents OT security at the project's Architecture Review Board.
The ideal candidate brings deep technical knowledge across ICS and building-automation systems, industrial networking, and OT security frameworks such as IEC 62443, NIST SP 800-82, and CIS Controls — with proven experience in greenfield deployments, design assurance, and security acceptance in critical infrastructure environments. Working proficiency in both Vietnamese and English is required.
Key Responsibilities
1. OT Security Architecture Review & Assurance
- Review the systems integrator's HLD/LLD network and security designs for the OT scope: zones and conduits per IEC 62443, firewall placement, and segmentation between IT, OT, and public-facing networks.
- Verify with L2/L3 evidence — VLAN, SVI, and routing records, management-plane and PAM design, wireless isolation proof — that no protected flow bypasses the designated firewalls.
- Review OT remote-access and patching paths (jump host, patch staging) to ensure no uncontrolled IT-to OT connectivity emerges.
- Track findings to closure through the project's decision and gap registers, distinguishing design risk from evidence gap.
2. Airport OT Systems & Safety Boundaries
- Own the OT security view of the airport systems: baggage handling (BHS), building management (BMS/HVAC), fire alarm (monitor-only integration), physical access control (PACS), CCTV, master clock, lifts and escalators, and power management.
- Defend safety boundaries: hardwired interlocks sit below the software layer and must remain independent of any network or command path.
- Participate in FAT/SAT/SIT and commissioning: witness command-verification, failuremode, and interlock override testing with the M&E contractors and the Commissioning Authority, and hold security acceptance criteria at each gate through ORAT.
3. Governance, Compliance & Regulatory Alignment
- Apply IEC 62443, NIST SP 800-82, and CIS Controls pragmatically to an airport OT environment.
- Operate within Vietnam's regulatory framework for critical information infrastructure: the Law on Cybersecurity, Decree 53, and personal data protection requirements, including reporting relationships with CAAV and the Ministry of Public Security.
- Prepare and defend OT security positions at the Architecture Review Board; produce documentation in both English and Vietnamese for the architecture team, contractors, and authorities.
4. OT Visibility, Monitoring & SOC Integration
- Build and maintain a comprehensive OT asset inventory (wired, wireless, and IIoT) as the foundation for segmentation and monitoring decisions.
- Define requirements and acceptance criteria for passive OT network monitoring and anomaly detection, evaluating platforms capability-first: asset-discovery depth, protocol coverage, and SIEM export quality.
- Integrate OT telemetry into the enterprise SIEM (Splunk-based), and define alert ownership together with the SOC and the operations team.
5. Secure Procurement & Supplier Gating
- Write capability-based security requirements for OT procurements and assess supplier responses.
- Operate device compliance questionnaires as procurement gates: protocol conformance, TLS support, authenticated access, safe-state behaviour on loss of communications, and interlock independence.
- Define proof-of-concept scope and acceptance criteria before any monitoring or enforcement platform is purchased.
6. Wireless & IIoT Security
- Review wireless designs for the OT estate and verify isolation evidence for guest and public Wi-Fi against corporate and OT networks (WLC placement, SSID/VLAN separation, 802.1X, WPA3-Enterprise).
- Assess IIoT and telemetry radio proposals (LoRa, private 5G) as they arise, including Vietnamese spectrum constraints.
7. Emerging OT Platform Security
- Contribute to security review of the next-phase OT platform: Unified Namespace (MQTT/Sparkplug B, OPC UA, Kafka), IT/OT Bridge with hardware data diode, and IEC 61499 software-defined automation — including engineering and deployment-plane security, recovery and IEC 61131-3 fallback, and autonomy governance.
Yêu cầu công việc
Qualifications & Requirements
Education
- Bachelor's or Master's in Computer Science, Electrical, Electronics, Industrial or Control Engineering, or equivalent experience.
Experience
- Min 3–5 years in OT/ICS security, industrial networking, or building-automation security.
- Experience in airports, critical infrastructure, or large campus environments strongly preferred; greenfield construction-phase experience is a significant advantage.
Languages
- Vietnamese and English at working proficiency (required).
Certifications (Preferred)
- ISA/IEC 62443 Expert / Practitioner, SANS GICSP, GRID, CISSP, CISM, CWSP / CWNA (for wireless OT).
Technical Competencies
- Proficient in BACnet/IP (mandatory building-systems protocol on this project), OPC UA, and IP networking and firewalling in segmented OT environments; TLS/PKI fundamentals.
- Working knowledge of MQTT/Sparkplug B, Modbus TCP (legacy-exception handling), and industrial wireless security.
- Hands-on experience with at least one passive OT monitoring / asset-discovery platform (e.g., Forescout, Nozomi Networks, Claroty, Dragos, Armis).
- Experience with enterprise SIEM (Splunk preferred), EDR in mixed IT/OT estates, and firewall review at both rulebase and architecture level.
- Familiarity with PLC/controller ecosystems (Schneider, Siemens, Rockwell) and exposure to IEC 61499 / IEC 61131-3 concepts.
- Familiar with risk management, threat modeling, and incident response for OT systems.
Soft Skills
- Evidence-driven mindset: comfortable withholding acceptance until proof is provided, and able to state precisely what evidence would close a finding.
- Able to hold a security position under pressure from vendors or contractors, and to revise it when the evidence changes.
- Balances security rigour with operational uptime and a fixed opening date.
- Strong documentation habits: registers, decision records, and review comments that others can act on.
- Clear communication and stakeholder coordination across engineering, operations, and regulatory audiences.
Tại sao bạn sẽ yêu thích làm việc tại đây
Salary & Allowances
- 13-month salary with annual performance bonus, project incentives, sales incentives (based on position)
- Lunch allowance: 730.000 VND/month
- Special occasion bonus: 2.500.000VND/year
- Annual leaves: Up to 20 days/year (based on levels)
- Health: Social insurance, premium health insurance, yearly health check
- Laptop, screen and other needed facilities/ accounts/ tools for work
Career Growth
- Yearly salary review and promotion
- Diverse career path: Management or Expert and functions rotation opportunity
- Free learning sources in Udemy, Coursera, O'relly platforms; internal workshop, certification sponsorship, and exclusive mentoring from C-levels
- Recognition and awards at team and organizational levels.
Working Environment
- Open & collaborative working space foster both individual focus and teamwork activities
- Young, dynamic, and collaborative working atmosphere
- Unwind zones: gaming, table tennis, yoga, gyms, bath rooms, sleep corner.
- Quarterly/yearly teambuilding & engaged internal events.
ONE MOUNT | GROW TOGETHER