Operational Technology CSIRT SME
We are seeking a highly skilled and experienced OT CSIRT Consultant to enhance a Cyber Security Incident Response Team's (CSIRT) capabilities in managing and responding to security events generated by Operational Technology (OT). The ideal candidate will have a strong background in OT security, incident management, and SOC/CSIRT environments, with hands-on experience in handling and responding to cyber security incidents. This role requires a deep understanding of OT systems, integration of OT security alerts into existing cyber security frameworks, and the ability to provide expert-level guidance in managing OT-related threats.
Key Responsibilities
- Incident Response for OT Environments:
  - Lead the investigation and response to cyber security incidents affecting Operational Technology (OT) systems.
  - Analyse OT-specific security alerts, including those generated by SCADA, ICS, and other industrial systems, and determine their impact.
  - Collaborate with SOC and CSIRT teams to develop and execute response plans tailored to OT environments.
- OT Alert Integration and Monitoring:
  - Design and implement processes for incorporating OT security events into existing SOC and CSIRT workflows.
  - Ensure OT-specific alerts are properly tuned, monitored, and triaged within SIEM and other security monitoring tools.
  - Work with SOC analysts to train and guide them on understanding and responding to OT-related threats.
- Threat Analysis and Vulnerability Management:
  - Conduct root cause analysis of OT security incidents and recommend measures to prevent recurrence.
  - Stay updated on OT-specific threats, vulnerabilities, and attack techniques to enhance incident detection and response.
  - Work with operational teams to identify and mitigate vulnerabilities in OT environments.
- Process Development and Documentation:
  - Develop playbooks, runbooks, and procedures for responding to OT security incidents.
  - Create comprehensive incident reports for OT-related events, detailing findings, actions taken, and recommendations for improvement.
  - Assist in aligning OT incident response processes with industry frameworks such as NIST CSF, IEC 62443, or ISO 27001.
- Collaboration and Stakeholder Management:
  - Act as a liaison between IT, OT, and security teams to ensure seamless communication during incident response efforts.
  - Provide expert advice to operational and executive teams on OT security risks and mitigation strategies.
  - Coordinate with third-party vendors and government agencies, where necessary, during significant OT-related incidents.
- Training and Knowledge Sharing:
  - Mentor and train SOC/CSIRT teams on OT security concepts and incident handling.
  - Conduct tabletop exercises and simulations to test and refine OT incident response capabilities.
Qualifications and Experience
- Education:
  - Bachelor's degree in Cybersecurity, Information Technology, Engineering, or a related field.
  - Relevant certifications such as GICSP, GCIP, CISSP, or CISM preferred.
- Experience:
  - Minimum [X years, e.g., 5+] of experience in cyber security incident management, including direct involvement in SOC/CSIRT environments.
  - Hands-on experience managing OT security incidents and integrating OT alerts into cyber security frameworks.
  - In-depth knowledge of Operational Technology systems, including SCADA, DCS, PLCs, and ICS environments.
- Skills and Knowledge:
  - Strong understanding of OT protocols (e.g., Modbus, OPC, BACnet) and their security implications.
  - Familiarity with SIEM platforms, EDR tools, and OT security solutions such as Nozomi Networks, Claroty, or Dragos.
  - Advanced incident response skills, including malware analysis, forensics, and threat hunting.
  - Knowledge of regulatory and compliance standards relevant to OT environments, such as NERC CIP and IEC 62443.
Personal Attributes
- Strong problem-solving skills and ability to work under pressure during critical incidents.
- Excellent communication and interpersonal skills to collaborate with cross-functional teams.
- Detail-oriented and analytical, with the ability to distill complex security issues into actionable recommendations.
- Adaptable and willing to stay ahead of emerging OT threats and trends.
*OUTSIDE IR35*
Reference: 2876718261
Posted on Jan 7, 2025 by Talent Smart Limited