Profinet / ProFibus
https://www.profibus.com/technology/profinet/#tab2-208895
Shell ICS
https://arcadvisorygroup.sharepoint.com/sites/extranets/client-portal/arc-forums/Orla
ndo2018/Shell’s%20ICS%20Security%20Strategy.pdf?slrid=56cfb99e-c09a-7000-c7
6c-a9485dcf0bf5
Google - secureplant profinet
fieldbus
https://docplayer.net/21447674-Profibus-profinet-system-design.html
https://www.cisco.com/c/en/us/td/docs/solutions/Verticals/CPwE/5-1/Network_Securi
ty/WP/CPwE-5-1-NetworkSecurity-WP/CPwE-5-1-NetworkSecurity-WP.pdf
You may recall I was in touch with you back in October/November last year
in regard to some potential IT Technician roles focussed around cyber
security of offshore equipment. I sent through your CV for review and had a
meeting with the Hiring Managers at the end of last year.
It now looks like the roles will be going ahead and these are likely to be a 3
year contract, commencing January 2019.
Can you advise me if this still might potentially be of interest?
Based primarily onshore at the Shell offices in Tullos, there will be a
requirement to travel offshore approximately 2-3 weeks a year. The job
description I have is as follows:
The successful candidate will be responsible for executing run and maintain cyber security
activities on ICS systems such as the security hardening, security patching, anti-virus
maintenance, backup/restore, access control reviews, asset inventory maintenance, and
server/desktop break/fix/configuration activities. Additionally, network support of the ICS
network firewalls, switches, routers, and cell modems is also required to configure new
network communication, fix broken communication, and review current device
configurations for cyber security risk. The CS-IT will also be called upon to assist with
project and discretionary work to design, build, and implement the IT solution for new
systems and deployments which may include network design, network equipment
configuration, system design, server building, and risk assessments.
The primary
working location is the Aberdeen office where work is executed remotely, however regular
on and offshore site travel is required.
Windows Server administration and networking
skills are required. GICSP and/or CCNA Industrial certifications are preferred along with
control & automation experience.
Hardening - closing ports (netstat, see what’s open etc). Closing services.
Removing unnecessary software (sccm to meter usage - Java / flash).
AV maintain - dat files. Into a DMZ the pushed to environment?
Backups - Veeam or similar?
Daily job. domain monitoring.
Reviewing reports from Threat Intel.
Reviewing alerts from Anomaly detection system and currently design
deployment into OT environment inc. switch reconfig for SPANs and
management console.
About to do a AV refresh looking at AEP options.
Working with SOC to investigate breaches of Use Cases using Splunk to
determine if threat or not.
Reviewing IPS / IDS rules (Fortigate) to maximise coverage.
Vulnerability management - designed process and rolling it out. Primarily
automated.
Managing Pentest vendors... talk about rubbish so far and intent.
planning Cyber response playbooks and simulations.
SecurePlant (Cisco and Yokogawa) with SecureSite used to control remote
access.
See my future in a hybrid engineering / CyberSec role - this is a great fit for
me.
Look forward to hearing from you
Kind Regards
Alan