
Dell OT Security Senior Advisor - Rotating shifts 
Romania, Bucharest 
197076773

20.07.2024

Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that secures human progress with Secureworks® Taegis™, a SaaS-based, open XDR platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

Role Overview

We are looking for an experienced professional in the Operational Technology (OT) security field with proven technical skills. Drawing on all available data sources, security tools, and threat trends, and combining security monitoring and analysis techniques, you will identify attacks against client organizations.


Key Responsibilities

This role will function as an Operational Technology Incident Response Senior Advisor. You will receive investigations and respond to activity detected within the customer environment by the Managed Security Services.

In this position you will own the investigation of high-severity incidents: performing root cause investigations, determining the source of the threat and the extent to which client assets have been compromised, making recommendations for remediation, and assisting in their implementation.

  • Perform tuning on the alerts generated by OT Security controls

  • Focus on safety and reliability of operations

  • Act as a Subject Matter Expert (SME) for OT specific cyber-security incidents

  • Support the detection, response, mitigation, and reporting of cyber threats affecting client OT networks

  • Assist in improving OT security program processes, procedures, and training

  • Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in OT cyber security space

  • Analyze and report cyber threats as well as assist in deterring, identifying, monitoring, investigating, and analyzing computer network intrusions

  • Participate in the design and implementation of proactive OT security controls as needed

  • Incident response support including event discovery, alert notification, investigation, facilitation of containment, facilitation of resolution, and event reporting

  • Utilize in-depth technical knowledge to design complex detection procedures for the detection of threat actor behavior

  • Work as an internal subject matter expert for other departments, including internal teams

  • Create and submit advanced recommendations (technical/process)

Requirements:

Essential Requirements

  • Typically requires 5+ years of related experience in a professional role with a Bachelor’s degree

  • Minimum 2 years supporting PLC, RTU, DCS, SIS, MES, Historian, HMI or SCADA systems from different vendors

  • Global Industrial Cyber Security Professional (GICSP) or GIAC Response and Industrial Defense (GRID) certification is preferred

  • Experience in leading and delivering end-to-end solutions, which could include strategy, design, development, testing and training, and implementation

  • Experience around SIEM processes: monitoring and collection, escalation strategies, data source normalization, event reduction, threshold tuning, alert triggers, threat intelligence, threat modeling, and triage

  • Experience with reviewing raw log files, data correlation, and analysis (e.g., firewall, network flow, intrusion detection system, and system logs)

Knowledge requirements

  • Fundamental understanding of IT and OT network communication protocols (TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, HART, Foundation Fieldbus, PROFINET, etc.)

  • Deep understanding of the MITRE ATT&CK for ICS framework

  • Deep understanding of the Purdue Model

  • Proficiency in conducting network traffic analysis and detecting malicious code in ICS environments

  • Familiarity with one of the major OT specific vendor technologies

  • Knowledge of tactics, techniques, and procedures associated with malicious activity

  • Able to correlate and aggregate information from all available data sources, security tools, and threat trends to identify attacks against the client network

  • Knowledge of forensic tools to identify anomalous and potentially malicious behavior

  • Able to perform network traffic analysis and design use cases based on the findings

Skills & Competencies

  • Ability to work with senior business leaders to understand business objectives, identify risk factors

  • Ability to research targeted OT-specific threat groups and their tactics, techniques, and procedures (TTPs)

  • Performing analysis of security and infrastructure logs

  • Researching targeted threat groups and their tactics, techniques, and procedures (TTPs)

  • Programming with Python, C, C++, and IA-32/64 assembly

  • Experience developing tools for malicious code analysis, network traffic analysis and the detection of malicious code on endpoint systems is a strong plus

  • Performing vulnerability and exploit research and analysis

  • Thorough knowledge of OT security components, principles, practices, and procedures

Working Schedule

  • You will work a 24/7 rotating shift pattern (12-hour shifts from 7am-7pm and 7pm-7am, in a 12/24, 12/48 rotation)