Operational Technology CSIRT SME

Talent Smart Limited



We are seeking a highly skilled and experienced OT CSIRT Consultant to enhance a Cyber Security Incident Response Team's (CSIRT) capabilities in managing and responding to security events generated by Operational Technology (OT). The ideal candidate will have a strong background in OT security, incident management, and SOC/CSIRT environments, with hands-on experience in handling and responding to cyber security incidents. This role requires a deep understanding of OT systems, the integration of OT security alerts into existing cyber security frameworks, and the ability to provide expert-level guidance on managing OT-related threats.

Key Responsibilities

  • Incident Response for OT Environments:

    • Lead the investigation and response to cyber security incidents affecting Operational Technology (OT) systems.
    • Analyse OT-specific security alerts, including those generated by SCADA, ICS, and other industrial systems, and determine their impact.
    • Collaborate with SOC and CSIRT teams to develop and execute response plans tailored to OT environments.
  • OT Alert Integration and Monitoring:

    • Design and implement processes for incorporating OT security events into existing SOC and CSIRT workflows.
    • Ensure OT-specific alerts are properly tuned, monitored, and triaged within SIEM and other security monitoring tools.
    • Work with SOC analysts to train and guide them on understanding and responding to OT-related threats.
  • Threat Analysis and Vulnerability Management:

    • Conduct root cause analysis of OT security incidents and recommend measures to prevent recurrence.
    • Stay updated on OT-specific threats, vulnerabilities, and attack techniques to enhance incident detection and response.
    • Work with operational teams to identify and mitigate vulnerabilities in OT environments.
  • Process Development and Documentation:

    • Develop playbooks, runbooks, and procedures for responding to OT security incidents.
    • Create comprehensive incident reports for OT-related events, detailing findings, actions taken, and recommendations for improvement.
    • Assist in aligning OT incident response processes with industry frameworks such as NIST CSF, IEC 62443, or ISO 27001.
  • Collaboration and Stakeholder Management:

    • Act as a liaison between IT, OT, and security teams to ensure seamless communication during incident response efforts.
    • Provide expert advice to operational and executive teams on OT security risks and mitigation strategies.
    • Coordinate with third-party vendors and government agencies, where necessary, during significant OT-related incidents.
  • Training and Knowledge Sharing:

    • Mentor and train SOC/CSIRT teams on OT security concepts and incident handling.
    • Conduct tabletop exercises and simulations to test and refine OT incident response capabilities.

Qualifications and Experience

  • Education:

    • Bachelor's degree in Cybersecurity, Information Technology, Engineering, or a related field.
    • Relevant certifications such as GICSP, GCIP, CISSP, or CISM preferred.
  • Experience:

    • Minimum [X years, e.g., 5+] of experience in cyber security incident management, including direct involvement in SOC/CSIRT environments.
    • Hands-on experience managing OT security incidents and integrating OT alerts into cyber security frameworks.
    • In-depth knowledge of Operational Technology systems, including SCADA, DCS, PLCs, and ICS environments.
  • Skills and Knowledge:

    • Strong understanding of OT protocols (e.g., Modbus, OPC, BACnet) and their security implications.
    • Familiarity with SIEM platforms, EDR tools, and OT security solutions such as Nozomi Networks, Claroty, or Dragos.
    • Advanced incident response skills, including malware analysis, forensics, and threat hunting.
    • Knowledge of regulatory and compliance standards relevant to OT environments, such as NERC CIP and IEC 62443.

Personal Attributes

  • Strong problem-solving skills and ability to work under pressure during critical incidents.
  • Excellent communication and interpersonal skills to collaborate with cross-functional teams.
  • Detail-oriented and analytical, with the ability to distill complex security issues into actionable recommendations.
  • Adaptable and willing to stay ahead of emerging OT threats and trends.

*OUTSIDE IR35*

Company description

Job offer details

07 Jan 2025

Job location

Slough, Berkshire

Job type

Project-based

Job category

Information technology, Telecommunications

Monthly salary