
DRSC Risk Advisory - Senior OT Security Consultant

Date:  25 Apr 2024
Service Line / Portfolios: 

Kuala Lumpur, MY

What impact will you make?

At Deloitte, we offer a unique and exceptional career experience to inspire and empower talents like you to make an impact that matters for our clients, people and community. Whatever your aspirations, Deloitte offers you a highly inclusive, collaborative workplace and unrivalled opportunities to realize your full potential. We are always looking for people with the relentless energy to push themselves further, and to find new avenues and unique ways to reach our shared goals.

So what are you waiting for? Join the winning team now.

Work you’ll do


  • Provide advisory and risk assessment services to external clients.
  • Perform network vulnerability assessment, penetration testing, red teaming, threat modeling, security architecture and design review, configuration and compliance review.
  • Design and implement security solutions for industrial control systems (ICS) in critical infrastructure, manufacturing sectors, power and utilities, oil & gas, chemical, and/or consumer products manufacturing.
  • Apply relevant standards such as NIST 800-82, IEC 62443, ISO 27001, OWASP Top 10.
  • Apply and utilise security tools and solutions to conduct risk assessment and understanding of the threat landscape on OT systems.

Your role as a leader

At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We expect our people to embrace and live our purpose and shared values, challenging themselves every day to identify issues that are most important to our clients, our people and the communities, and to make an impact that matters. In addition to living our purpose, Associates / Analysts / Consultants across our Firm are expected to:


  • Understand the expectations set and demonstrate personal accountability for keeping own performance on track.
  • Understand how our daily work contributes to the priorities of the team and the business.
  • Demonstrate strong commitment to personal learning and development.
  • Actively focus on developing effective communication and relationship-building skills, with stakeholders, clients and team.
  • Work effectively in diverse teams within a highly inclusive team culture where everyone is supported, respected and recognized for their contribution.



  • Degree in Computer Science, Engineering, Information Systems or equivalent.
  • Minimum of 3-5 years work experience in IT/OT Security.
  • Possess an understanding of ICS/OT fundamentals.
  • Understanding OT related systems such as programmable logic controller (PLC), distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems.
  • Understanding of network and communication protocols common in ICS environments.
  • Understanding of ICS design considerations with emphasis on human and environmental safety, and the availability/reliability and security of the operational environment.
  • Understanding of policies, procedures and standards governing the security operations for ICS systems and networks.
  • Knowledge of various threat modeling frameworks such as MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, STRIDE Threat Modeling.
  • In-depth knowledge of CSA’s CCOP and SBD Framework.
  • Demonstrated knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies within an ICS environment.
  • In-depth understanding of operating systems, network/system architecture, and architecture design aligned to engineering design methodologies.
  • Ability to learn new tools and techniques to automate manual effort and leverage digital solutions where possible.
  • Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.
  • Good to have at least 1 of the following professional certifications:
    • GICSP (Global Industrial Cyber Security Professional)
    • Certified in Risk and Information Systems Control (CRISC)
    • OSCP (Offensive Security Certified Professional)
    • CRT (CREST Registered Pentester)
    • CISM (Certified Information Security Manager)
    • CISSP (Certified Information Systems Security Professional)
    • ISO27001 Lead Auditor/Implementer Certificate
    • CISA (Certified Information Security Auditor)
  • Excellent presentation, written and verbal communication skills; ability to communicate clearly, and excellent consulting skills.
  • Fluency in English is a must.
  • Ability to interact with high profile clients.


Due to the volume of applications, we regret that only shortlisted candidates will be notified.

Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or to request money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website.


Requisition ID:  100141

In Malaysia, the services are provided by Deloitte and other related entities in Malaysia ("Deloitte in Malaysia"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Malaysia, which is within the Deloitte Network, is the entity that is providing this Website.
