TECEZE
Cyber Security Consultant
TECEZE, Qatar, 1 day ago
Full-time, Information Technology

Job Summary:

The Cybersecurity Consultant – L2 is responsible for delivering advanced ICS/OT cybersecurity monitoring, analysis, and incident response services for critical industrial environments. The role involves hands-on operation and optimization of Nozomi Networks, Industrial Defender, and Microsoft Sentinel, supporting managed security services, threat detection, vulnerability management, and compliance monitoring across OT environments. The consultant acts as a key escalation point between L1 analysts and L3 specialists, ensuring secure and resilient plant operations.

Key Responsibilities:

1. ICS/OT Managed Security Monitoring

• Deliver 8x5 managed cybersecurity monitoring services for ICS/OT environments.

• Monitor, analyze, and triage security events and alerts using Nozomi Networks, Industrial Defender, and Microsoft Sentinel.

• Identify anomalous behavior, unauthorized changes, baseline deviations, and potential cyber threats.

• Validate alerts, reduce false positives, and perform alert tuning and suppression.

2. OT Security Platform Consulting & Operations

Nozomi Networks

• Monitor OT network traffic, asset discovery, vulnerabilities, and behavioral anomalies.

• Analyze ICS protocol traffic (Modbus, DNP3, Profinet, OPC-UA/DA, etc.).

• Identify dominant risks, unsafe commands, and abnormal process behavior.

Industrial Defender

• Manage OT asset inventory, configuration baselines, vulnerability data, and compliance reporting.

• Detect unauthorized configuration or firmware changes across ICS assets.

• Support compliance activities aligned with IEC 62443, NIST, and internal standards.

Microsoft Sentinel

• Integrate OT security logs and alerts into Sentinel.

• Develop and tune analytics rules, correlation logic, workbooks, and alert workflows.

• Correlate IT and OT security telemetry to enhance threat visibility.

3. Security Event Management & Use Case Development

• Design and implement custom detection use cases and event processing rules.

• Develop advanced correlation scenarios for:

  ◦ Plant process data

  ◦ Network sensors

  ◦ Endpoint and anti-malware telemetry

  ◦ Policy, compliance, and vulnerability monitoring

  ◦ IOC-based detections

• Fine-tune alerts, baselines, and thresholds to optimize detection accuracy.

4. Threat Intelligence & IOC Management

• Manage OT threat intelligence and IOC feeds using STIX, SNORT, and YARA formats.

• Ingest advisories from ICS-CERT, US-CERT, vendors, and threat intelligence sources.

• Identify known bad behavior, rogue devices, suspicious accounts, and malicious indicators.

5. Vulnerability, Risk & Compliance Consulting

• Identify and classify ICS/OT critical assets and their cyber risk exposure.

• Monitor vulnerabilities across PLCs, RTUs, HMIs, servers, and OT network devices.

• Identify non-compliant assets, insecure configurations, and process deviations.

• Support remediation and mitigation planning aligned with Work Permit (WP) and Management of Change (MOC) processes.

6. Asset, Log Source & Integration Management

• Onboard new OT assets using agentless (Nozomi) and agent-based (Industrial Defender) methods.

• Retire decommissioned assets from monitoring platforms.

• Onboard, normalize, and optimize OT and IT log sources in Microsoft Sentinel.

• Improve event parsing, detection logic, and rule libraries.

• Configure advanced monitoring features such as process, registry, and socket monitoring.

7. ICS/OT Protocol & Process Security

• Monitor and analyze industrial protocols:

  ◦ Modbus

  ◦ DNP3

  ◦ Profinet

  ◦ OPC-UA / OPC-DA

• Identify unsafe control commands, process manipulation risks, and industrial-specific attack patterns.

• Detect non-compliant operational processes and unauthorized control activities.

8. Incident Response, Investigation & Threat Hunting

• Perform continuous security monitoring and risk assessment.

• Handle and analyze:

  ◦ Up to 10 ICS/OT cybersecurity incidents, including root cause analysis

  ◦ Up to 15 investigation requests from Information Security teams

• Conduct proactive threat hunting and report at least 5 significant ICS/OT risk findings.

• Collect forensic artifacts and support Tier 3 teams during complex investigations.

• Escalate incidents with clear risk, impact, and remediation recommendations.

9. Reporting, Documentation & Stakeholder Support

• Prepare operational, security, and compliance reports.

• Maintain documentation for:

  ◦ Compliance and audits

  ◦ Disaster Recovery (DR)

  ◦ SOPs and operational procedures

• Support customer and internal stakeholder requests related to OT cybersecurity posture.

Required Skills & Qualifications

Technical Skills

• Hands-on experience with Nozomi Networks, Industrial Defender, and Microsoft Sentinel

• Strong understanding of ICS/OT architecture, Purdue model, and industrial environments

• Experience in SIEM correlation, alert tuning, and use case development

• Knowledge of ICS protocols, OT threat vectors, and vulnerability management

• Incident response and forensic analysis experience in OT environments

Soft Skills

• Consulting mindset with strong analytical and problem-solving abilities

• Ability to communicate complex OT security risks to technical and non-technical stakeholders

• Comfortable working in 24x7 operational environments

Experience

• 10–12 years in cybersecurity

• 5+ years in ICS/OT cybersecurity or industrial environments

Preferred Certifications

• GICSP

• IEC 62443 (Foundation / Practitioner)

• GCIA / GRID

• CISSP / CISM

• Microsoft Sentinel / SC-200
