EY GMS-Threat Responder-SecOps-OT Security-Senior 

India, Karnataka, Bengaluru 

593820777

The OT Security Analyst role encompasses proactive and reactive measures to secure OT environments, including detection, investigation and response to security incidents and recommending prevent controls, maintenance of system integrity across industrial control systems (ICS) and SCADA infrastructures. The job involves setting up necessary security and monitoring controls, forensic investigation process and workflows, and data protocols, demanding a thorough grasp of the unique cyber risks associated with OT systems. The analyst's core duties focus on the comprehensive protection of critical infrastructure systems and require strong technical skills, analytical thinking, and specialized knowledge of OT cybersecurity challenges.

We’re looking for Senior consultant with expertise in OT/IOT security solutions. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.

• The role requires an analyst proficient in OT alert analysis/triage. Experience with OT monitoring solutions such as Nozomi, D4IoT, Claroty etc. Knowledge or experience in pcap analysis for identifying suspicious activities within network traffic, including OT protocols/processes, logon attempts and file transfers, ransomware or malware incidents etc. A comprehensive understanding of both OT and IT traffic.
• As for tool-specific skills, the candidate should possess strong knowledge of on how to correlate OT alerts with EDR and other tools. Knowledge of Microsoft products, such as MS Sentinel and MS Defender for IoT and proficiency in writing queries for log analysis and searches within SIEM tool is also necessary.

Your key responsibilities

• Monitor and analyze ICS/OT alerts generated by IDS tools (Nozomi, Claroty, D4IoT, etc.). Identify any unusual or suspicious activity, security breaches, or indicators of compromise.
• Triage and prioritize alerts based on severity and potential impact.
• Collaborate with other SOC analysts and incident response teams to address and mitigate security incidents, including the analysis of network traffic, logs, and system configurations to determine the root cause and scope of security incidents.
• Perform pcap analysis to investigate and validate OT alerts and experience in analysing OT protocol and OT device behaviours.
• Develop and maintain standard operating procedures (SOPs) for OT alert analysis and triage.
• Conduct regular security assessments and use cases validations to assure evolving threat coverage and remediation controls in OT systems.
• Conduct threat hunting activities to identify potential security threats within the OT environment.
• Provide expert guidance on ICS/OT security best practices and contribute to the continuous improvement of SOC processes.
• Document all security incidents comprehensively, providing detailed analysis and subsequent recommendations to prevent future occurrences.
• Design and maintain incident response plans and recovery procedures specific to OT incidents.
• Collaborate closely with IT security counterparts to ensure a cohesive security posture across both IT and OT domains.
• Stay updated with the latest trends and developments in ICS/OT security.
• Develop and deliver OT cybersecurity awareness training programs for operational staff.

Skills and attributes for success

• Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies.
• Good understanding of how OT and IT devices interact with each other and how OT devices work.
• Experience with SIEM tools and log management.
• Good to have knowledge of regulatory requirements and standards related to ICS/OT security (e.g., NERC CIP, IEC 62443) but not mandatory.
• Experience with network security solutions, including firewalls, intrusion detection systems (IDS) etc.
• Analytical skills to screen through data and logs to identify the patterns indicative of cyber threats or threat actor methods.
• Effective communication skills for interacting with technical and non-technical colleagues and stakeholders.
• Problem-solving attitude, with the ability to manage incidents under pressure (OT infra is generally noise, need to stay focussed and capable of handling large volume of alert and logs).
• Prevailing knowledge of OT-specific malware, Mitre ICS tactics & techniques, and procedures used by threat actors.
• Relevant certifications are desirable.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.