Senior Security Engineer, IoT and OT Security - Delta Air Lines Inc.
Atlanta, GA
About the Job
How you'll help us Keep Climbing (overview & key responsibilities)
Are you ready to work on a team of innovative professionals responsible for protecting one of the world’s largest global air lines? As a Sr. Cyber Security Engineer at Delta Air Lines, you’ll be collaborating with teams across Delta to identify and assess vulnerabilities, reduce risk, and detect threats on IoT/OT and IT assets. You’ll have the opportunity to contribute to a growing team, build high visibility and cutting-edge cybersecurity programs, drive IoT/OT security strategy, and cultivate Delta’s IoT/OT/ICS security culture.
As a Sr. Cyber Security Engineer, you will work and collaborate with teams across Delta’s entire organization to provide guidance on asset, vulnerability, and risk management related to IoT/OT devices. These groups include, but are not limited to: Network Engineering, IT, Information Security, IoT/OT system owner, and vendor/third-party teams, as well as Delta’s additional business units. You will be responsible for owning, optimizing, and reporting on IoT/OT security and vulnerability scanning and consolidation solutions to help advance Delta’s overall security mission. The Cyber Assurance team seeks a self-motivated individual who thrives in a fast-paced environment and proactively improves existing processes, identifies and builds new security capabilities, and wants to ensure that IoT/OT/ICS assets are protected with the same rigor and fabric of controls as Delta’s IT assets. This position requires knowledge of IoT/OT/ICS security controls and program components, including Security Strategy, Security Operations, Network Security, Security Governance and Policy, Security Training and Awareness, General Controls Compliance and Audit Management, and Risk Management for IoT/OT/ICS. A high-level or working knowledge of IoT/OT/ICS systems, operational and engineering priorities, and networking principles is necessary.
Your Responsibilities in this Role:
- Lead and mature Delta’s IoT (Internet of Things)/OT (Operational Technology) program, including strategy, governance, implementation, operations and continuous alignment with compliance and regulatory requirements.
- Engage with system owners, business teams, and IT stakeholders in strategic discussions to provide best in class IoT/OT security strategy and industry guidance to maximize long-term business objectives.
- Ensure ongoing asset management, risk management, and vulnerability management of Delta’s IoT/OT assets, while working with business and system owners to reduce risk identified on IT/IoT/OT assets and implement proactive security measures.
- Coordinate with Vulnerability Management team to create analysis of scheduled and on-demand vulnerability assessments, exploit techniques, mitigation strategies, and asset and vulnerability information to identify risks that were not discovered via automated scanning.
- Troubleshoot technical issues that may occur during automated network scanning, agent scans, and/or logging and provide guidance to other team members on IoT/OT security and VM area and industry leading practices.
- Curate and support a Delta-wide culture of IoT/OT Security by driving greater visibility, awareness, and opportunities for training across Delta, tailored to different audience types, and ensuring leadership is aware of imminent IoT/OT risk or threat vectors.
- Configure and maintain IoT/OT solutions to ensure data visibility and accuracy and identify opportunities to operationalize IT/OT security management.
Benefits and Perks to Help You Keep Climbing
Our culture is rooted in a shared dedication to living our values – Care, Integrity, Resilience and Servant Leadership – every day, in everything we do. At Delta, our people are our success. At the heart of what we offer is our focus on Sharing Success with Delta employees. Exploring a career at Delta gives you a chance to see the world while earning great compensation and benefits to help you keep climbing along the way:
- Competitive salary, industry-leading profit sharing program, and performance incentives
- 401(k) with generous company contributions up to 9%
- New hires are eligible for up to 2-weeks of vacation. This is earned for use in the following vacation year (April 1 – March 31)
- In addition to vacation, new hires are eligible for up to 56 hours of paid personal time within a 12-month period
-
- 10 paid holidays per calendar year
- Birthing parents are eligible for 12-weeks of paid maternity/parental leave
- Non-birthing parents are eligible for 2-weeks of paid parental leave
- Comprehensive health benefits including medical, dental, vision, short/long term disability and life insurance benefits
- Family care assistance through fertility support, surrogacy and adoption assistance, lactation support, subsidized back-up care, and programs that help with loved ones in all stages
- Holistic Wellbeing programs to support physical, emotional, social, and financial health, including access to an employee assistance program offering support for you and anyone in your household, free financial coaching, and extensive resources supporting mental health
- Domestic and International space-available flight privileges for employees and eligible family members
- Career development programs to achieve your long-term career goals
- World-wide partnerships to engage in community service and innovative goals created to focus on sustainability and reducing our carbon footprint
- Business Resource Groups created to connect employees with common interests to promote inclusion, provide perspective and help implement strategies
- Recognition rewards and awards through the platform Unstoppable Together
- Access to over 500 discounts, specialty savings and voluntary benefits through Deltaperks such as car and hotel rentals and auto, home, and pet insurance, legal services, and childcare
What you need to succeed (minimum qualifications)
- 3+ years of cyber security experience working in IoT/OT technology, Vulnerability Management, Industrial Control Systems (ICS) security, management, and/or engineering, Network Security or Engineering.
- Experience with automated vulnerability management (including scanning and consolidation) and IoT and/or OT (Operational Technology) tools (including network monitoring, asset management, and secure remote access).
- Work experience and/or bachelor’s degree in Information Security, Information Technology, Computer Science, Management in Information Systems (MIS), or Networking Administration/Network Security.
- Working knowledge or experience with OT/ICS engineering including
- Ability to clearly communicate and present to various levels of the organization, concisely report upon top risks to IoT/OT security, and provide thorough analysis on security or networking topics.
- Possesses strong organizational and analytical skills with attention to detail and the ability to think strategically and drive long-term strategic planning, effective resource allocation, and continuous improvement.
- Demonstrates ability to be independent and self-motivated, while able to pivot quickly to emerging priorities, and navigate through ambiguous situations.
- Consistently prioritizes safety and security of self, others, and personal data.
- Embraces diverse people, thinking, and styles.
- Possesses a high school diploma, GED, or high school equivalency.
- Is at least 18 years of age and has authorization to work in the United States.
What will give you a competitive edge (preferred qualifications)
- Demonstrated proficiency with OT systems, along with hands-on experience in system maintenance, including installing cybersecurity and secure networking solutions, ensuring system reliability and uptime, troubleshooting for OT systems, and executing routine maintenance tasks, updates, and patching.
- Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA) architecture, network and communication protocols common in ICS environments, ICS design considerations with emphasis on human safety and the availability/security of operating environment.
- Experience coordinating with Threat Intelligence teams, Penetration Testing teams, and/or reviewing public and private vulnerability notifications/disclosures, consuming research findings and prioritizing remediation efforts.
- Experience with the implementation of cyber solutions/tools, network deployments of technology, operation/management of operational, cyber physical, or industrial control systems, and/or network segmentation.
- Experience working in and integrating vulnerability and IoT/OT solutions with other systems, such as CMDB, SIEM, Archer, and PowerBI and operational and security tooling.
- Strong technical writing skills, scripting experience with Bash, PowerShell, or Python, and comfortable with Excel, and data analytics.
- Demonstrated history of creative and adaptive work ethic, with a strong customer-oriented attitude.
- Working knowledge of cloud environments such as AWS, GCP, and Azure and business requirements and priorities attributed to cloud migration journeys.
Source : Delta Air Lines Inc.
