SOC OT ANALYST

Responsible for monitoring, analysing, and responding to OT security alerts triggered by QatarEnergy Cyber Defence Platforms and Threat intelligence feeds. Primary responsibilities detect anomaly and potential security threats within the OT environment. Filtering false positive alerts, determine if a critical OT system or data set has been impacted; provides technical analysis; provides recommendations on contamination and remediation; and escalates incidents to OT SMEs when deep technical analyses required. Will use variety of OT/IT tools to analyse and investigate incidents and take immediate action or recommend a course of action to safeguard QatarEnergy OT environments.

Bachelor’s degree in information security, computer science, or systems engineering.

5+ years of experience working in a large-scale OT environment with focus on Information Security, and knowledge of Operational Technology.
• 1-3 years previous Security Operations Centre Experience in conducting IT/OT security monitoring or investigations.
• Demonstrated ability to analyze, triage and remediate security incidents and strong understanding of security incident management, malware management processes.
• Good knowledge of OT including multiple operating systems and system administration skills (Windows, Unix, SCADA)
• Good knowledge SIEM, SOAR, FW, Sandboxing, VPNs, and enterprise level cyber security products.
• Understanding on the latest current IT/OT cyber security intrusions, attacks, hacking techniques, vulnerability disclosures, data breach incidents and security analysis techniques is a big plus.
• Good understanding on cloud, client-server applications, multi-tier web applications, relational databases.
• Good awareness of IT/OT Support processes, such as COBIT, ITIL.
• Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols and OT segmentations. 
• Knowledge on IT/OT security best practices and concepts Vulnerability Assessment & Penetration Testing.
• Possession of Industry Certifications (GCIA, SANS, ICS2, EC-Council, other relevant cyber security technical certifications).
• Good understanding of Windows logs, Linux logs, SCADA logs and Firewall logs.