Qureos

OT Cyber Security Consultant

The Role
The OT Cybersecurity Consultant – L2 is responsible for delivering advanced ICS/OT cybersecurity monitoring, analysis, and incident response services for critical industrial environments. The role involves hands-on operation and optimization of Nozomi Networks, Industrial Defender, and Microsoft Sentinel, supporting managed security services, threat detection, vulnerability management, and compliance monitoring across OT environments. The consultant acts as the escalation point between L1 analysts and L3 specialists, helping ensure secure and resilient plant operations.

Key Responsibilities:

1. ICS/OT Managed Security Monitoring
• Deliver 8x5 managed cybersecurity monitoring services for ICS/OT environments.
• Monitor, analyze, and triage security events and alerts using Nozomi Networks, Industrial Defender, and Microsoft Sentinel.
• Identify anomalous behavior, unauthorized changes, baseline deviations, and potential cyber threats.
• Validate alerts, reduce false positives, and perform alert tuning and suppression.

2. OT Security Platform Consulting & Operations
Nozomi Networks
• Monitor OT network traffic, asset discovery, vulnerabilities, and behavioral anomalies.
• Analyze ICS protocol traffic (Modbus, DNP3, Profinet, OPC UA/DA, etc.).
• Identify dominant risks, unsafe commands, and abnormal process behavior.
Industrial Defender
• Manage OT asset inventory, configuration baselines, vulnerability data, and compliance reporting.
• Detect unauthorized configuration or firmware changes across ICS assets.
• Support compliance activities aligned with IEC 62443, NIST, and internal standards.
Microsoft Sentinel
• Integrate OT security logs and alerts into Sentinel.
• Develop and tune analytics rules, correlation logic, workbooks, and alert workflows.
• Correlate IT and OT security telemetry to improve threat visibility.

3. Security Event Management & Use Case Development
• Design and implement custom detection use cases and event processing rules.
• Develop advanced correlation scenarios for:
  • Plant process data
  • Network sensors
  • Endpoint and anti-malware telemetry
  • Policy, compliance, and vulnerability monitoring
  • IOC-based detections
• Fine-tune alerts, baselines, and thresholds to optimize detection accuracy.

4. Threat Intelligence & IOC Management
• Manage OT threat intelligence and IOC feeds in STIX, Snort, and YARA formats.
• Ingest advisories from ICS-CERT, US-CERT, vendors, and threat intelligence sources.
• Identify known-bad behavior, rogue devices, suspicious accounts, and malicious indicators.

5. Vulnerability, Risk & Compliance Consulting
• Identify and classify ICS/OT critical assets and their cyber risk exposure.
• Monitor vulnerabilities across PLCs, RTUs, HMIs, servers, and OT network devices.
• Identify non-compliant assets, insecure configurations, and process deviations.
• Support remediation and mitigation planning aligned with Work Permit (WP) and Management of Change (MOC) processes.

6. Asset, Log Source & Integration Management
• Onboard new OT assets using agentless (Nozomi) and agent-based (Industrial Defender) methods.
• Retire decommissioned assets from monitoring platforms.
• Onboard, normalize, and optimize OT and IT log sources in Microsoft Sentinel.
• Improve event parsing, detection logic, and rule libraries.
• Configure advanced monitoring features such as process, registry, and socket monitoring.

7. ICS/OT Protocol & Process Security
• Monitor and analyze industrial protocols:
  • Modbus
  • DNP3
  • Profinet
  • OPC UA / OPC DA
• Identify unsafe control commands, process manipulation risks, and industrial-specific attack patterns.
• Detect non-compliant operational processes and unauthorized control activities.

8. Incident Response, Investigation & Threat Hunting
• Perform continuous security monitoring and risk assessment.
• Handle and analyze:
  • Up to 10 ICS/OT cybersecurity incidents, including root cause analysis
  • Up to 15 investigation requests from Information Security teams
• Conduct proactive threat hunting and report at least 5 significant ICS/OT risk findings.
• Collect forensic artifacts and support Tier 3 teams during complex investigations.
• Escalate incidents with clear risk, impact, and remediation recommendations.

9. Reporting, Documentation & Stakeholder Support
• Prepare operational, security, and compliance reports.
• Maintain documentation for:
  • Compliance and audits
  • Disaster Recovery (DR)
  • SOPs and operational procedures
• Support customer and internal stakeholder requests related to OT cybersecurity posture.
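The protocol-analysis and unsafe-command duties above (Nozomi traffic analysis in section 2, unsafe control commands and baseline deviations in sections 1 and 7) come down to one recurring check: parse the industrial protocol, recover the function being requested, and compare the requesting host against what the plant baseline says it is allowed to do. The Python below is an added illustration of that check for Modbus/TCP; it is not code from Nozomi Networks, Industrial Defender, Microsoft Sentinel, or Capgemini, and the host baseline, IP addresses, and byte frames in it are constructed for the example.

```python
"""Flag unsafe Modbus/TCP control commands against a per-host baseline.

Added illustration for this posting; not code from Nozomi Networks,
Industrial Defender, Microsoft Sentinel, or Capgemini. BASELINE and
SAMPLE_EVENTS are constructed for the example.
"""
import struct
from dataclasses import dataclass

# Function codes that alter process state or device configuration (FC 8 and
# FC 43 are diagnostics/identification: reconnaissance when unexpected).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    8: "Diagnostics",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    43: "Encapsulated Interface Transport",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse MBAP header (tid 2 | proto 2 | length 2 | unit 1) plus PDU.

    The length field counts unit id + PDU, so a well-formed frame is exactly
    6 + length bytes; anything else raises ValueError.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (expected 0)")
    if len(frame) != 6 + length:
        raise ValueError(f"length field {length} does not match {len(frame)}-byte frame")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def describe_write(req: ModbusRequest) -> str:
    """Decode the target of common write requests so the alert names the register."""
    d = req.data
    if req.function_code in (5, 6) and len(d) >= 4:
        addr, value = struct.unpack(">HH", d[:4])
        return f"address {addr} value 0x{value:04X}"
    if req.function_code in (15, 16) and len(d) >= 4:
        start, qty = struct.unpack(">HH", d[:4])
        return f"start {start} quantity {qty}"
    return "undecoded payload"


def classify(req: ModbusRequest, src_ip: str, baseline: dict) -> tuple:
    """Return (severity, reason). baseline maps src_ip -> set of permitted function codes."""
    fc = req.function_code
    if fc & 0x80:  # exception response from a server, not a client command
        return ("info", f"exception response for function {fc & 0x7F}")
    allowed = baseline.get(src_ip)
    if allowed is None:
        return ("high", f"unbaselined host {src_ip} sent FC {fc} to unit {req.unit_id}")
    if fc in allowed:
        return ("none", "within baseline")
    if fc in WRITE_FUNCTIONS:
        return ("critical", f"{src_ip} issued {WRITE_FUNCTIONS[fc]} (FC {fc}) to unit "
                            f"{req.unit_id} outside baseline: {describe_write(req)}")
    return ("medium", f"{src_ip} issued FC {fc} outside baseline")


def triage(events, baseline: dict) -> list:
    """events: iterable of (src_ip, raw_frame). Returns [(severity, src_ip, reason), ...]."""
    findings = []
    for src_ip, raw in events:
        try:
            req = parse_modbus_tcp(raw)
        except ValueError as err:
            # Malformed frames are reported, not dropped: crafted or fuzzed
            # packets look exactly like this on the wire.
            findings.append(("medium", src_ip, f"malformed Modbus/TCP frame: {err}"))
            continue
        severity, reason = classify(req, src_ip, baseline)
        findings.append((severity, src_ip, reason))
    return findings


# Constructed baseline: which function codes each known host may send.
BASELINE = {
    "10.1.1.10": {1, 3, 4},    # HMI: read-only polling
    "10.1.1.20": {3, 6, 16},   # engineering workstation: may change setpoints
}

# Constructed frames (hex), unit id 1 throughout.
SAMPLE_EVENTS = [
    ("10.1.1.10", bytes.fromhex("00010000000601030000000A")),            # FC 3, read 10 registers
    ("10.1.1.20", bytes.fromhex("000200000006010600100001")),            # FC 6, write register 16
    ("10.1.1.10", bytes.fromhex("00030000000B01100000000204006400C8")),  # FC 16 from the read-only HMI
    ("10.1.5.99", bytes.fromhex("00040000000601050003FF00")),            # FC 5 from an unknown host
    ("10.1.5.99", bytes.fromhex("0005000000060103")),                    # truncated frame
]

if __name__ == "__main__":
    for severity, src_ip, reason in triage(SAMPLE_EVENTS, BASELINE):
        print(f"[{severity:8}] {src_ip}: {reason}")
```

The baseline is keyed on the requesting host rather than on the function code alone because a setpoint write from the engineering workstation is normal plant operation while the same FC 16 from the HMI is the event worth paging on; the severity ladder (baselined read, unbaselined host, write outside baseline, malformed frame) is the kind of tuning the posting's alert-suppression and threshold duties refer to.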

Requirements
Required Skills & Qualifications

Technical Skills
• Hands-on experience with Nozomi Networks, Industrial Defender, and Microsoft Sentinel
• Strong understanding of ICS/OT architecture, the Purdue model, and industrial environments
• Experience in SIEM correlation, alert tuning, and use case development
• Knowledge of ICS protocols, OT threat vectors, and vulnerability management
• Incident response and forensic analysis experience in OT environments

Soft Skills
• Consulting mindset with strong analytical and problem-solving abilities
• Ability to communicate complex OT security risks to technical and non-technical stakeholders
• Comfortable working in 24x7 operational environments

Experience
• 10–12 years in cybersecurity
• 5+ years in ICS/OT cybersecurity or industrial environments

Preferred Certifications
• GICSP
• IEC 62443 (Foundation / Practitioner)
• GCIA / GRID
• CISSP / CISM
• Microsoft Sentinel / SC-200

About the company
Capgemini is a global leader in partnering with companies to transform and manage their business by harnessing the power of technology. The Group is guided every day by its purpose of unleashing human energy through technology for an inclusive and sustainable future. It is a responsible and diverse organization of 350,000 team members in more than 50 countries. With its strong 55-year heritage and deep industry expertise, Capgemini is trusted by its clients to address the entire breadth of their business needs, from strategy and design to operations, fueled by the fast-evolving and innovative world of cloud, data, AI, connectivity, software, digital engineering and platforms. The Group reported 2022 global revenues of 22 billion.
