Cybersecurity Senior Technician wanted by SERCO – Dubai

Serco logo


Serco logo
Serco logo
Rail OT Cybersecurity Senior Technician – Success Profile
Reporting to: Rail OT Cyber security Team Leader
Division/Function: Transport / Dubai Metro
Base location: Engineering and Maintenance

The purpose of this Rail OT Cyber security Senior Technician position is to:
perform responsibilities for the Cyber Security and Rail Systems Team (CSRST) covering all of Engineering (ATC, Combs, AFC, MEPs, RSK, TRK & Cavils, Depot);
run an on-call system to be point of contact outside of the 24/7 running of the network;
Participate actively to the 5 main cyber security functions: Identify, Protect, Detect, Respond and Recover;
deliver its core objectives, but not limited to:
Cyber security Preventative and Corrective Maintenance of Rail OT machines;
System wide back up of Rail OT machines;

Upgrade of the virus definitions of Rail OT machines;
Log and report on the Cyber security posture and conditioning of Rail OT machines;
Responsible for working in a 24×7 Cyber security Operation Centre (CSOC) environment;
Investigate, document, and report on information security issues and emerging trends;
Provide Incident Response (IR) support when analysis confirms actionable cyber-incident;
Respond to previously undisclosed software and hardware vulnerabilities.

Structure and reporting relationship

This position as Rail OT Cyber security Senior Technicianwill:

report to Rail OT Cybersecurity Team Leader.

Based on the specific requirement of the role

Key accountabilities

Carry out all OT-related cybersecurity preventive maintenance (PM) and corrective maintenance (CM) activities and minor modifications on Rail OT Systems machines to include but limited to, servers, workstations, desktops and laptops. Some of these systems are installed along trackside, whilst others can be found in stations and still some others in depots;
Respond to Cyber Threats from the Cyber Security Operations Center (CSOC), NMOC or Maintenance Centre and control the impact;
Audit the Rail Systems to provide reports on IT/OT misuse under the guidance of Engineering department;
Competent in Cybersecurity threat Management;
Able to run full scenarios for system lock downs due to Cyber threat;
Audits of all Rail Systems and its use within Engineering;
Follow the relevant procedures and work instructions to ensure compliance with the required requirements;
Ensure the maintenance tools & equipment are in good condition;
Produce and maintain accurate maintenance records of Rail Systems machines, equipment performance, work accomplished and other information using a computerized maintenance management system;
Assist the Engineering Systems and/or other technical support staff to implement complex systems or new projects;
Drive work vehicles when responding to emergencies and when required on duty;
Perform shift and emergency duties when required;
Perform and carry out duties as instructed/ directed by theRail OT Cybersecurity Team Leader or/and theRail OT Cybersecurity Manager.

SAE Responsibilities and Information Security Responsibilities

Awareness of the Integrated Management System and the content of the Health, Safety, Quality & Environment and Information Security Policy Statements;
Understanding of personal responsibilities and contribution to achieving compliance with the Integrated Management System requirements, (including but not limited to competence to perform safety critical roles, legal requirements, control measures arisen from environmental impacts and aspects, job safety analysis and information security risk assessment) and the potential consequences of departure from the arrangements in place to deliver the commitments stated in the policies statements above;
To exercise a personal duty of care for their own health, safety and welfare and for those affected by their acts or omissions;
To use safety equipment (including PPE) as required and intended and observe that this is also enforced among subcontractors and third parties working in Serco’s controlled premises/systems
Promote a good HSQE and Information Security culture among their peers, subcontractors and third parties;
Look at ways to conserve energy, water and resources and minimize the generation of waste through personal performance and raise recommendations on how to improve existing processes on this regard within/outside their departments through their Line Manager, Departmental Safety Meetings and any other appropriate available channels;
Protect information assets and data including both electronic and paper based from all threats whether internal, external, deliberate or accidental;
Promote a good HSQE and Information Security culture among their peers, subcontractors and third parties.

Essential technical and professional skills , knowledge and qualifications


Vocational trade certificate or diploma in Information Technology discipline or equivalent;
Working knowledge in maintaining Rail OT Systems machines (servers, workstations, desktops and laptops) and installing third party software would be an advantage;
Good technical knowledge in Operational technology, Industrial controls systems and Cybersecurity;
Basic knowledge in database tables (SQL Server, Oracle or MySQL).


Must have good eyesight and normal color vision;
Ability to compile simple technical reports, routine business correspondence, prepare method statements and drawings as required;
Possess good communication skills and the ability to manage multiple tasks efficiently and work productively in a fast-paced, team-oriented environment;
Detail oriented, and the ability to handle multiple priorities;
Hold a valid UAE driving license with good driving skill and experience;
Keen interest in IT and OT and its related discipline;
Basic Cybersecurity incident handling skills.


Minimum 1-year work experience as a computer/systems/cybersecurity technician in Rail OT environment (ICS, SCADA and operations control systems);

Additional/special features of the role

Ensure compliance with the Serco Management System and all relevant business processes, procedures and work instructions to deliver all work with appropriate quality and governance standards;
Act as part of the Cybersecurity and Rail Systems Teamand conduct tasks during the various stages of project management, procurement and FAT/SAT testing as instructed;
Perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intention or inadvertent access or destruction;
Review log files for security products;
Support the Cybersecurity Incident Response activities, support the coordination with other departments to record and report cyber-incidents;
Ensure safety, availability and integrity of all data provided including reporting performance, finance and customer information; reference Serco non-disclosure policy
Perform Cybersecurity Incident Response activities, coordinate with other departments to record and report incidents;
Conduct operating systems, application, and database vulnerability assessments (to include system configuration checks);
Assist in security awareness activities;
Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information;
Analyze audit security incident logs for individual or multiple networked devices for sensitive information, unauthorized processes and unauthorized network connections;
Perform security analysis and risk management assessments with guidance;
Maintains current knowledge of relevant technology as assigned;
Participate actively to the Serco Dubai Metro Computer emergency response team activities
Ensures achievement of operational and day to day goals and plans for days ahead;
Decisions impacting own specific area, although made within an existing framework; adapts own knowledge/experience to the situation;
Communicating with Control Centre Controllers;
Communicating with persons responsible for a Track Possession, Worksite or movements of rail vehicles within a Possession;
Establishing, supervising and removing a safe system of work to protect the safety of persons working on or near the track;
Must obtain qualification as Line-Person-In-Charge.