Skip to main content
Login Contact us Visit ineos.com

Network Security Engineer - OT

Company:

INEOS Olefins & Polymers USA

Interested in joining a winning team? A team whose employees are empowered to make a difference?

INEOS Olefins and Polymers USA

Job title

Network Security Engineer - OT

Location

Chocolate Bayou Works – Alvin, TX

Organizational context
and job purpose

Business Context:The O&P USA business includes the product lines Ethylene, Propylene, Butadiene, Polypropylene and High Density Polyethylene.  Manufacturing sites include Chocolate Bayou Works (Alvin, TX), Battleground Manufacturing Complex (LA Porte, TX), and Carson, (Carson, CA), with a division office in League City, TX. 

How the Role Fits In

This Network Security Engineer role is part of the Process Control and Optimization group, part of the Process Technology organization. The Network Security Engineer is responsible for design (configuration) and maintenance (upgrades and migrations) of cybersecurity-related software and hardware (such as Anti-virus, Whitelisting, Backup and Restore, Monitoring Tools, Firmware and Patches). This position interfaces with Operations, Maintenance Capital Projects, Process Safety, Reliability and Mechanical Integrity Groups to ensure appropriate alignment in the delivery and sustainability of PLC & OT device security.This role will be the owner of all assigned sites OT Fiber optic infrastructure. This position reports to the DCS/Process Control Engineering Team Leader for day-to-day work coordination and implementation. The role will have a dotted line reporting to the OT Cybersecurity Advisor & I/E EA to address specific cybersecurity projects / activities. Network Security Engineer will work closely with the Network Specialist on a day to day basis.

Responsibilities AND Accountabilities

Accountability 1:

  • Maintain the effectiveness, reliability and security of the Process Control Network, the Process Information Network, and the Pipeline Scada Network
  • Develop, implement, communicate, and maintain plans and procedures for achieving high integrity and reliability of the networks
    • Includes disaster recovery plan, security plan, system and data back-ups
    • Plans and procedures are carried out by process control staff as well as the network administrator
    • Plans must be coordinated with Operations and IT
    • Review, update, and communicate plans/procedures annually
  • Monitor system performance indicators for potential problems
  • Serve as the Owner of OT Fiber infrastructure.

Accountability 2:

  • Provide support to clients in process control, I&E,  engineering, operations, capital projects, laboratory, and IT
  • Use knowledge of plant objectives and work processes together with knowledge of programming practices, software, and hardware to identify solutions to new needs
  • Lead in the development, implementation, and testing of interfaces and databases required for new applications
  • Use knowledge of databases and system communications to resolve problems within advanced process control applications
  • Work with IT and engineers to provide new data communications needs while still maintaining highly secure environment on networks.
  • Proactively seek permanent solutions to recurring problems experienced by users
  • Serve as a Windows Active Directory Admin

Accountability 3:

  • Identify, develop, and implement projects to improve the effectiveness, reliability, or the operating costs of the OT Networks
  • Recommend, develop and implement improvements based on industry best practices, addressing both opportunities and threats.
  • Recommend and implement upgrades of server and network devices, including in-depth cost-benefit analyses relative in accordance with site performance objectives.
  • Identify and implement changes in work practices, system architecture, and procedures which will improve network performance, reliability, or security.
  • Regularly assess software and hardware support status of network devices; recommend and implement upgrades when maintainability falls below target level for a device.
  • Regularly asses process control network for cyber security threats and identify projects to reduce likelihood and consequences of cyber-attacks
  • Maintain process control network including firewall to optimal standards
  • Maintain server and network documentation.
  • Implement and ensure compliance with company capital stage gate process and capital long range planning

Accountability 4:

Provide support for the virtualized environment:

  • Work closely with the Systems Group to provide support , maintain Virtualization Infrastructure.
    • Accountable for all Virtual switch configurations and network interfaces to Virtual environment.
    • Accountable for reviewing security
  • Proactively monitor virtualized storage and network performance and implement improvements
  • Serve as technical contact for projects

Accountability 5:

Implement and develop cyber security strategies within the OT networks.

  • Align security strategies to industry standards and frameworks
  • Research current OT cyber security trends and implement proven technologies to mitigate risks.
  • Coordinate audits and communicate results to management
  • Develop procedures and practices to strengthen the cyber security posture within the process control environments.
  • Work in conjunction with OT Cybersecurity advisor & I&E EA to develop a robust plan for Cybersecurity following the company corporate requirements and Industry Standard practices.
  • Monitor the security of an organization’s network from threats originating from inside and outside the organization.
  • Collect, and analyze data to make decisions and recommendations regarding security standards and controls.
  • Conduct continuous analysis of security threat information (viruses, malicious code, industry events, hackers and zero day exploits, OEM weaknesses, IDS/IPS and SIEM alerting, etc.) in order to proactively assess and investigate emerging threats and potential impact to INEOS.
  • Implementing enterprise and Industrial Control systems security controls
  • Ensure operational effectiveness of enterprise network security solutions by development and monitoring of operational metrics and key performance indicators.
  • Liaise with system and network administrators to assist with implementation and problem resolution for enterprise network security solutions.
  • Support relationship with Managed Security Services Provider for network monitoring and incident response services.
  • Configure and install firewalls and intrusion detection systems.
  • Manage firewall and intrusion detection systems policies.
  • Assist in the investigation of intrusion incidents, forensic investigations, and incident response.
  • Collaborate with colleagues on authentication, authorization, and other network security solutions.
  • Evaluate new technologies and processes that enhance security capabilities.
  • Assist on changes in software, hardware, network, and telecommunications.
  • Implement and execute INEOS security standards and policies.
  • Addressing security throughout the lifecycle of the architecture design from procurement to installation to maintenance to decommissioning.

Education:

  • Bachelor’s degree + 5 years or Associates degrees in IT / Process Control
  • Preferred  10 years of operational supporting experience in enterprise / OT infrastructure preferably with CISCO switches.
  • Cisco certification (CCNA)
  • PaloAlto PCNSE / GIAC GICSP certifications preferred.
  • Familiarity with I&E networked systems such as electrical protective relays, RTUs, analyzers, PLC’s etc
  • Working knowledge of information security standards, frameworks, risk assessment and best practices from ISA99, IEC62443, NIST882.

Key skills and competencies are:

Technical skills

  • Understands highly complex technical aspects of role and performs works without supervision
  • Experience in and understanding of petrochemical manufacturing processes
  • Disciplines in Change Management familiar with consequences of downtime in an industrial environment
  • Experience in Honeywell PHD, Familiarity with Honeywell DCS environment is preferred
  • Working knowledge with communication protocols such as Modbus and OPC
  • Experience with eBGP, iBGP, static routing and OSPF Network Quality of Service Network based IPS and IDS systems
  • Experience in Network Analysis tools (Wireshark); Next Generation Firewalls (Palo Alto,)
  • SD-WAN Experience in evaluating and responding to security threats across a variety of environments Vulnerability Scanning (Qualys) Endpoint Security, detection, and response (CrowdStrike) SIEM (Exabeam) CASB (Netskope) Wireless (Cisco and Meraki) Radius (Windows NPS) Administration of Network and Systems Monitoring software
  • Working knowledge with Windows Active Directory, Windows Remote Desktop Gateway, WSUS, McAfee EPO, and Acronis Backup & Recovery
  • Familiarity with SQL databases
  • Working knowledge of firewalls, intrusion prevention, and network security
  • Working knowledge of server virtualization and storage technologies including but not limited to Vmware, Veeam, and Equallogics
  • Understands both Programmable Logic Controllers (PLC) / Distributed control Systems (DCS), Windows based PC's and server VM's and industrial network architectures and how to effectively support these technologies
  • Understanding of Cyber Security within process control environments, Familiar with Industrial Automation Cyber Security Standards and requirements (ISA 99, IEC62443, …)
  • Experience deploying CTD ( Continuous threat detection) like Claroty , Dragos , Tenable or Nozomi

Behavioural skills

  • Client Service Oriented, Skill in partnering with internal customers at all levels to define problems, identify solutions, and facilitate change
  • Impact and influence, able to persuade others to a particular course of action
  • Teamwork, shares accountability for team results and utilizes interpersonal skills to improve team performance
  • Analytical and conceptual thinking, able to understand both the details and the underlying systemic issues in order to plan and implement creative and effective solutions to business challenges
  • Innovative and information seeking, monitors internal and industry trends to identify new opportunities. Organizes work effectively and uses available resources
  • Anticipate problems and adjusts accordingly
  • Demonstrated ability to manage progress and deliver multiple and competing priorities.
  • Demonstrated problem solver, seen as a primary resource for improving performance
  • Ability to work easily across organizational boundaries
  • Actively seeks input from others.
  • Ability to work with colleagues and clients in different disciplines

This position will be required to respond and travel back to site for after hour request. This would infrequently occur as we try to resolve remotely if possible.

Our culture is one of honesty and integrity with an emphasis on safety, health and environmental performance.On our team, people are acknowledged for embracing new practices that help create real value for customers.