Description & Requirements
On behalf of UKAEA (UK Atomic Energy Authority), we are looking for an OT Cyber Security Analyst (INSIDE IR35) for a 6-month hybrid contract based in Abingdon, Oxfordshire.
The OT Cyber Security Analyst is responsible for the implementation, operation, and continuous improvement of OT security controls and monitoring capabilities across UKAEA environments. The role delivers hands-on security engineering and operational support, ensuring OT systems are protected in line with defined strategy, standards, and risk priorities. This includes implementing an OT Security Strategy, contributing to the development of policies and standards, and applying appropriate security controls across OT environments.
You will ensure both technical and governance compliance of OT security, ensuring alignment with industry frameworks (IEC 62443, NIST CSF, CAF, ISO 27001) and with enterprise cyber security objectives.
The role will combine hands-on implementation and the creation of governance artefacts. You will also engage with engineering teams and managed service providers (MSPs) to ensure that OT security controls are effectively implemented and sustained. Experience with SIEM/SOC integration is valuable and considered desirable.
As an OT Cyber Security Analyst, your main responsibilities will be:
- Implement and maintain OT security controls - Deploy practical security measures across industrial environments, including network segmentation (zones/conduits) and secure remote access, aligned to OT security standards.
- Integrate OT environments with monitoring platforms - Connect OT systems into SIEM/SOC tooling, ensuring effective logging, visibility, and coverage of industrial control environments.
- Develop and manage threat detection capabilities - Create, tune, and optimise detection rules for OT-specific threats, leveraging SIEM and other monitoring tools to identify risks early.
- Investigate and respond to OT security events - Perform alert triage, log analysis, and initial incident response, coordinating with SOC teams to contain and remediate threats.
- Support OT asset visibility and security assurance - Maintain asset inventories, conduct hands-on security assessments, and validate control effectiveness against recognised security frameworks.
- Identify vulnerabilities and support risk remediation - Assess OT environments for vulnerabilities and misconfigurations, working closely with engineering teams to prioritise and implement fixes.
- Collaborate with engineering and operational teams - Work directly with OT engineers and facility teams in industrial/process environments to ensure secure system design and minimise operational disruption.
- Drive continuous improvement and reporting - Track security maturity, control coverage, and detection capability, contributing to ongoing improvements in OT security strategy, standards, and tooling.
Essential:
- Demonstrable experience in maturing OT security within ICS or critical infrastructure environments.
- Proven ability to implement OT security strategies, policies, and standards.
- Strong knowledge of OT security frameworks and standards (IEC 62443, NIST CSF, CAF, ISO 27001).
- Experience conducting OT security risk assessments, gap analysis, and remediation planning.
- Knowledge of OT networks, segmentation, and common industrial protocols.
- Experience working with operations and engineering teams in OT environments.
- Ability to provide technical recommendations for MSPs or third-party security service providers.
- Strong communication and documentation skills, particularly in policy/standards creation.
SC Clearance is an essential requirement for this role; as a minimum, you must be willing and eligible to undergo checks. Please note that, due to the exceptional requirements of this position (the short-term nature of the role and the speed at which we require a postholder in situ), preference may be given to candidates who meet all of the essential criteria and hold active security clearance.
Desirable:
- Experience with OT security tools (e.g. Nozomi, Claroty, Dragos, Splunk, Sentinel) is beneficial.
- Familiarity with SIEM/SOC integration for OT environments.
- Experience with OT asset discovery, monitoring, and security tool deployment.
- Exposure to regulatory compliance in critical infrastructure (e.g., NIS Directive, UK CAF).
- Knowledge of project and service delivery lifecycles and ITSM controls.
Please be aware that this role can only be worked within the UK and not overseas.
In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".