Responsible for monitoring cyber security solutions in support of detection and analysis of potentially compromised systems, performing root cause analysis, and supporting remediation efforts.
Has a good technical knowledge of IT and OT cyber security and an interest in becoming an expert in OT security.
Possesses hands-on experience with SIEM solutions and with creating detectors; has experience performing and managing threat hunting and Incident Response activities; and maintains awareness of the latest threats within the industry.
Responsible for researching the potential impact of threats to the customer organizations and communicating the risks.
Cooperates closely with operational staff on customer site(s).
Required Skills:
Total Experience: 5 (or more) years in cyber security operations and a minimum of 2 years in an Operational Technology environment
Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS)
Understanding of IT and OT network communication protocols (including TCP/IP, UDP, DNP3, Modbus, OPC) and ability to perform packet analysis
Experience with building IT/OT security capabilities inside a SOC
Experience working in security operations environments, and experience with key SOC technologies such as SIEM and log aggregation (e.g., ArcSight, Splunk ES, IBM QRadar, etc.)
Understanding of threats, vulnerabilities, and exploits in ICS environments and appropriate mitigation techniques
In-depth understanding of operating systems, network/system architecture, and IT architecture design
Experience with OT cyber security solutions (e.g., Dragos, Claroty, Nozomi, Indegy, etc.)
Excellent written and oral communication skills
Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources
Experience with security technologies such as firewall logs, IDS/IPS, endpoint security solutions, proxies, and other related security technologies
Security Operations Center OT Security Analyst Role Profile
Educational Qualifications:
Additionally, one or more relevant industry certifications.
Familiarity and experience working within the region
Experience working as part of an MSSP or MDR provider
Experience working with continuous operations (24/7)
Familiarity and experience with multiple SIEM and EDR solutions
One or more of the following certifications: GICSP, GRID, GCIP
Roles and Responsibilities:
Act as Subject Matter Expert (SME) on OT cyber security related issues providing advice and support to Clients and the business as necessary
Provide On-Call support to identify and manage cyber security incidents
Assist in the development of team members and in knowledge transfer to them
Serve as the escalation point for security issues related to OT cyber security
Recommend necessary corrective and preventive actions to reduce risk
Participate in OT security incident response through all phases
Conduct hunts for Indicators of Compromise (IOCs) and Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs)
Analyze threat intelligence and communicate findings to relevant groups
Provide clear and repeatable hunt tactics and techniques to Monitoring and Detection teams
Revise, enhance and develop processes and procedures to strengthen the current Security Operations Framework
Support operational excellence by identifying opportunities for continuous improvement and automation
Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
Integrate standard and non-standard logs into SIEM solution(s)
Conduct Post-Incident Reviews; create ad-hoc reports, dashboards, and metrics to measure SOC operational effectiveness; and present them to Senior Management and Client stakeholders as necessary
Coordinate with stakeholders to build and maintain positive working relationships