OT SOC Detection and Incident Response - L2

Title: OT SOC Detection and Incident Response - Level 2

Location: Riyadh, Saudi Arabia

About Accenture

Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Song, Technology and Operations services — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 738,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.

About Accenture Security

Join Accenture Security to pioneer security solutions that blend risk strategy, digital identity, cyber defense, application security and managed services. Using the coolest next-gen tech, you’ll have every chance to stay one step ahead of cybercrime and out-hack the hackers.

Accenture Security provides comprehensive security services – from security strategy development to business transformation, to managed security services – on demand and at a global scale to help mitigate risks and take full advantage of advanced technologies and proven risk management models. Our experienced team of global security professionals helps businesses understand their risks and build resilience from the inside out, giving them the confidence to focus on what matters most: innovation and business growth.

Responsibilities and Accountabilities

• Able to assess current state capabilities, identify gaps, and plan initiatives to address gaps and accomplish project goals. Building out cybersecurity monitoring & response functions in operational environments.

• Assessing OT security capabilities—specifically security operations and SOC capabilities.

• Develop An integrated communication Plans between OTSOC, ITSCO and business.

• Security Event Monitoring & alerting using Splunk (Level 1) and leverage the OT Cybersecurity Viability Tool (Nozomi) for detailed, analysis, and improvement (Level 2) Cyber Security Incident management.

• Liaise with IT /OT Cyber security teams, site teams.

• Manage support tickets raised by L1. And Security event analysis and recommendations related to OT and Help confirm incident tickets are updated and closed with all actions performed.

• Build and maintain operating procedures & documentation (playbooks & IR plan).

• Re-classify security incidents based on their impact.

• Operational reports and dashboards will be out of the box from OT platform.

• SOP and KB documentation update and maintenance which will be stored and maintained in the customer provided SharePoint site.

• Monitoring and triage of OT security alerts (enrichment, log analysis, false positive suppression) Incident identification & prioritization

• Log qualified incidents into client’s ITSM and coordinate with client CSIRT and resolver groups across the full lifecycle.

• Provide remediation recommendations based on reaction plans.

• Incident Management and escalation to Client CSIRT and/or external Incident Response teams according to playbooks

• Categorize, document, measure, and report security incidents.

• Familiar with SIEM Solution and OT Security Products SIEM integration.

• Familiar with OT Asset Inventory and Vulnerability Management solution such as “Nozomi – Dragos, etc” certified is added value.

• Use case development and tuning for OT sec threat detections.

• Familiar with OT SOAR solution integration and content playbooks development / improvement.

• Familiar with OT Forensics Tools and PCAP analysis.

• Familiar with OT Threat Intelligence, Threat Hunting reports for major and well-known OT Cyber Incident. and provide SMART recommendation to organization.

• GRID Certificate or official training is added value and plus to candidate.

Skills and Qualifications:

• Have more than 7 years of experience overall (mixed between mainstream Automation Systems exposure and OT Cybersecurity exposure).

• Proven track in IT/OT Cybersecurity general management consulting with stakeholder engagement and relationship management skills.

• Excellent communication (written and oral) and interpersonal skills

• Ability to work creatively and analytically in a problem-solving environment.

• Fluent in Arabic and English language.

• Ability to effectively communicate insights relating to an organization’s threat environment to improve its risk management posture.

• Ability to work with the organization's leadership to provide a comprehensive, organization wide approach to address OT Cybersecurity risk and compliance.

• Ability to develop and maintain IR OT Cybersecurity policies, standards, and related documentations.

• Ability to communicate technical and planning information at the same level as a stakeholder’s understanding.

• Knowledge and understanding of risk assessment, mitigation, and treatment methods.

• Knowledge of relevant OT Cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy.

• Knowledge of OT Cybersecurity threats and vulnerabilities posed by new technologies and malicious actors.

• Knowledge of Supervisory control and data acquisition system components.

• Knowledge of ICS operating environments and functions.

• Knowledge of ICS network architectures and communication protocols.

• Knowledge of ICS devices and industrial programming languages.

• Knowledge of intrusion detection methodologies and techniques for detecting ICS intrusions.

• Knowledge of the likely operational impact on an organization of OT Cybersecurity breaches.

• Knowledge of OT Cybersecurity authentication, authorization, and access control methods.

• Knowledge of vulnerabilities in applications and their likely impact.

• Knowledge of national OT Cybersecurity laws and regulations such as NCA ECC, OTCC, etc.

• Knowledge of common information security standards, such as: IEC-62443, NCA, NERC-CIP, C2M2, ISO 27001/27002, NIST, etc.

Preferred Qualifications:

• Bachelor’s degree in engineering, information security or relevant.

• 7+ years of experience overall (mixed between mainstream Automation Systems exposure and OT Cybersecurity exposure).

• Certified in GICSP, GRID or equal certifications are added value.

• Why join us?

• We offer a transparent, fast paced approach career progression, with a focus on your strengths and continuous coaching from senior colleagues.

• You will benefit from working alongside Accenture experts who are solving some of the biggest industry challenges with innovative thinking and pioneering tools.

• Flexible work arrangements and a range of benefits including competitive rewards.

• You will have access to state-of-the-art technology that will give you the opportunity to deepen your existing skills even as you help create the latest business trends.

• You will also have opportunities to make a difference to the communities in which we work and live.

Why join us?

• We offer a transparent, fast paced approach career progression, with a focus on your strengths and continuous coaching from senior colleagues.

• You will benefit from working alongside Accenture experts who are solving some of the biggest industry challenges with innovative thinking and pioneering tools.

• Flexible work arrangements and a range of benefits including competitive rewards.

• You will have access to state-of-the-art technology that will give you the opportunity to deepen your existing skills even as you help create the latest business trends.

• You will also have opportunities to make a difference to the communities in which we work and live.

Next Steps

If this sounds like the ideal role, career, and company for you, click below to apply.

To learn more about life @AccentureMiddleEast, follow us on social media and keep up with our latest news.

Accenture Middle East: LinkedIn, Instagram, Facebook, Twitter, YouTube