Senior Consultant-OT Security

Your key responsibilities

• Monitor and analyze ICS/OT alerts generated by IDS tools (Nozomi, Claroty, D4IoT, etc.). Identify any unusual or suspicious activity, security breaches, or indicators of compromise.
• Triage and prioritize alerts based on severity and potential impact.
• Collaborate with other SOC analysts and incident response teams to address and mitigate security incidents, including the analysis of network traffic, logs, and system configurations to determine the root cause and scope of security incidents.
• Perform pcap analysis to investigate and validate OT alerts and experience in analysing OT protocol and OT device behaviours.
• Develop and maintain standard operating procedures (SOPs) for OT alert analysis and triage.
• Conduct regular security assessments and use cases validations to assure evolving threat coverage and remediation controls in OT systems.
• Conduct threat hunting activities to identify potential security threats within the OT environment.
• Provide expert guidance on ICS/OT security best practices and contribute to the continuous improvement of SOC processes.
• Document all security incidents comprehensively, providing detailed analysis and subsequent recommendations to prevent future occurrences.
• Design and maintain incident response plans and recovery procedures specific to OT incidents.
• Collaborate closely with IT security counterparts to ensure a cohesive security posture across both IT and OT domains.
• Stay updated with the latest trends and developments in ICS/OT security.
• Develop and deliver OT cybersecurity awareness training programs for operational staff.

Skills and attributes for success

• Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies.
• Good understanding of how OT and IT devices interact with each other and how OT devices work.
• Experience with SIEM tools and log management.
• Good to have knowledge of regulatory requirements and standards related to ICS/OT security (e.g., NERC CIP, IEC 62443) but not mandatory.
• Experience with network security solutions, including firewalls, intrusion detection systems (IDS) etc.
• Analytical skills to screen through data and logs to identify the patterns indicative of cyber threats or threat actor methods.
• Effective communication skills for interacting with technical and non-technical colleagues and stakeholders.
• Problem-solving attitude, with the ability to manage incidents under pressure (OT infra is generally noise, need to stay focussed and capable of handling large volume of alert and logs).
• Prevailing knowledge of OT-specific malware, Mitre ICS tactics & techniques, and procedures used by threat actors.
• Relevant certifications are desirable.