Skip to main content Skip to footer

OT SOC Detection and Incident Response - L2

Security Delivery Team Lead/Consultant | Mid-Level | Full time
Job No. 12371175 | Riyadh
Register for Job alerts
Apply for this job

Title: OT SOC Detection and Incident Response - Level 2

Location: Riyadh, Saudi Arabia

About Accenture  

Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Song, Technology and Operations services — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 799,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.

About Accenture Security

Join Accenture Security to pioneer security solutions that blend risk strategy, digital identity, cyber defense, application security and managed services. Using the coolest next-gen tech, you’ll have every chance to stay one step ahead of cybercrime and out-hack the hackers.    

Accenture Security provides comprehensive security services – from security strategy development to business transformation, to managed security services – on demand and at a global scale to help mitigate risks and take full advantage of advanced technologies and proven risk management models. Our experienced team of global security professionals helps businesses understand their risks and build resilience from the inside out, giving them the confidence to focus on what matters most: innovation and business growth.

Responsibilities and Accountabilities

  • Able to assess current state capabilities, identify gaps, and plan initiatives to address gaps and accomplish project goals. Building out cybersecurity monitoring & response functions in operational environments.

  • Assessing OT security capabilities—specifically security operations and SOC capabilities.

  • Develop An integrated communication Plans between OTSOC, ITSCO and business.

  • Security Event Monitoring & alerting using Splunk (Level 1) and leverage the OT Cybersecurity Viability Tool (Nozomi) for detailed, analysis, and improvement (Level 2) Cyber Security Incident management.

  • Liaise with IT /OT Cyber security teams, site teams.

  • Manage support tickets raised by L1. And Security event analysis and recommendations related to OT and Help confirm incident tickets are updated and closed with all actions performed.

  • Build and maintain operating procedures & documentation (playbooks & IR plan).

  • Re-classify security incidents based on their impact.

  • Operational reports and dashboards will be out of the box from OT platform.

  • SOP and KB documentation update and maintenance which will be stored and maintained in the customer provided SharePoint site.

  • Monitoring and triage of OT security alerts (enrichment, log analysis, false positive suppression) Incident identification & prioritization

  • Log qualified incidents into client’s ITSM and coordinate with client CSIRT and resolver groups across the full lifecycle.

  • Provide remediation recommendations based on reaction plans.

  • Incident Management and escalation to Client CSIRT and/or external Incident Response teams according to playbooks

  • Categorize, document, measure, and report security incidents.

  • Familiar with SIEM Solution and OT Security Products SIEM integration.

  • Familiar with OT Asset Inventory and Vulnerability Management solution such as “Nozomi – Dragos, etc” certified is added value.

  • Use case development and tuning for OT sec threat detections.

  • Familiar with OT SOAR solution integration and content playbooks development / improvement.

  • Familiar with OT Forensics Tools and PCAP analysis.

  • Familiar with OT Threat Intelligence, Threat Hunting reports for major and well-known OT Cyber Incident. and provide SMART recommendation to organization.

  • GRID Certificate or official training is added value and plus to candidate.

Skills and Qualifications:

  • Have more than 7 years of experience overall (mixed between mainstream Automation Systems exposure and OT Cybersecurity exposure).

  • Proven track in IT/OT Cybersecurity general management consulting with stakeholder engagement and relationship management skills.

  • Excellent communication (written and oral) and interpersonal skills

  • Ability to work creatively and analytically in a problem-solving environment.

  • Fluent in Arabic and English language.

  • Ability to effectively communicate insights relating to an organization’s threat environment to improve its risk management posture.

  • Ability to work with the organization's leadership to provide a comprehensive, organization wide approach to address OT Cybersecurity risk and compliance.

  • Ability to develop and maintain IR OT Cybersecurity policies, standards, and related documentations.

  • Ability to communicate technical and planning information at the same level as a stakeholder’s understanding.

  • Knowledge and understanding of risk assessment, mitigation, and treatment methods.

  • Knowledge of relevant OT Cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy.

  • Knowledge of OT Cybersecurity threats and vulnerabilities posed by new technologies and malicious actors.

  • Knowledge of Supervisory control and data acquisition system components.

  • Knowledge of ICS operating environments and functions.

  • Knowledge of ICS network architectures and communication protocols.

  • Knowledge of ICS devices and industrial programming languages.

  • Knowledge of intrusion detection methodologies and techniques for detecting ICS intrusions.

  • Knowledge of the likely operational impact on an organization of OT Cybersecurity breaches.

  • Knowledge of OT Cybersecurity authentication, authorization, and access control methods.

  • Knowledge of vulnerabilities in applications and their likely impact.

  • Knowledge of national OT Cybersecurity laws and regulations such as NCA ECC, OTCC, etc.

  • Knowledge of common information security standards, such as: IEC-62443, NCA, NERC-CIP, C2M2, ISO 27001/27002, NIST, etc.

Preferred Qualifications:

  • Bachelor’s degree in engineering, information security or relevant.

  • 7+ years of experience overall (mixed between mainstream Automation Systems exposure and OT Cybersecurity exposure).

  • Certified in GICSP, GRID or equal certifications are added value.

  • Make a difference to the communities in which we work and live. 

Why join us?

  • We offer a transparent, fast paced approach career progression, with a focus on your strengths and continuous coaching from senior colleagues.

  • You will benefit from working alongside Accenture experts who are solving some of the biggest industry challenges with innovative thinking and pioneering tools.

  • Flexible work arrangements and a range of benefits including competitive rewards.

  • You will have access to state-of-the-art technology that will give you the opportunity to deepen your existing skills even as you help create the latest business trends.

  • You will also have opportunities to make a difference to the communities in which we work and live.

Next Steps

If this sounds like the ideal role, career, and company for you, click below to apply. 
 

To learn more about life @AccentureMiddleEast, follow us on social media and keep up with our latest news.
 

Accenture Middle EastLinkedInInstagramFacebookTwitterYouTube

Riyadh

Equal Employment Opportunity Statement

All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.

Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.

Accenture is committed to providing veteran employment opportunities to our service men and women.

Please read Accenture’s Recruiting and Hiring Statement for more information on how we process your data during the Recruiting and Hiring process.

We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.

We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.

At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.

Join Accenture to work at the heart of change. Visit us at www.accenture.com.

Discover where this job fits at Accenture

Operations & delivery jobs: Get transformational

Use data, insights and tech to reimagine how people work, moving operations from transactional to transformational.

Learn more

Cybersecurity jobs: Outsmart threats

Use your expertise and start-up mentality to help clients build secure, resilient businesses in a complex and ever-changing threat landscape, addressing the growing careers in cybersecurity.

Learn more

Technology jobs: Be the catalyst

Get hands-on with the technologies that our clients need to reinvent, work in new ways and change the world for the better.

Learn more