OT Cyber Security Consultant
Description
Job description / Role

Job Type: Full Time
Job Location: Abu Dhabi, UAE
Nationality: Any Nationality
Salary: Not Specified
Gender: Not Specified
Arabic Fluency: Not Specified
Job Function: IT - Network Administration
Company Industry: IT, Software & Internet Services

The OT Cybersecurity Consultant - L2 is responsible for delivering advanced ICS/OT cybersecurity monitoring, analysis, and incident response services for critical industrial environments. The role involves hands-on operation and optimization of Nozomi Networks, Industrial Defender, and Microsoft Sentinel, supporting managed security services, threat detection, vulnerability management, and compliance monitoring across OT environments. The consultant acts as a key escalation point between L1 analysts and L3 specialists, ensuring secure and resilient plant operations.

Key Responsibilities:

- ICS/OT Managed Security Monitoring
  • Deliver 8x5 managed cybersecurity monitoring services for ICS/OT environments.
  • Monitor, analyze, and triage security events and alerts using Nozomi Networks, Industrial Defender, and Microsoft Sentinel.
  • Identify anomalous behavior, unauthorized changes, baseline deviations, and potential cyber threats.
  • Validate alerts, reduce false positives, and perform alert tuning and suppression.
- OT Security Platform Consulting & Operations
  Nozomi Networks
  • Monitor OT network traffic, asset discovery, vulnerabilities, and behavioral anomalies.
  • Analyze ICS protocol traffic (Modbus, DNP3, Profinet, OPC-UA/DA, etc.).
  • Identify dominant risks, unsafe commands, and abnormal process behavior.
  Industrial Defender
  • Manage OT asset inventory, configuration baselines, vulnerability data, and compliance reporting.
  • Detect unauthorized configuration or firmware changes across ICS assets.
  • Support compliance activities aligned with IEC 62443, NIST, and internal standards.
  Microsoft Sentinel
  • Integrate OT security logs and alerts into Sentinel.
  • Develop and tune analytics rules, correlation logic, workbooks, and alert workflows.
  • Correlate IT and OT security telemetry to enhance threat visibility.
- Security Event Management & Use Case Development
  • Design and implement custom detection use cases and event processing rules.
  • Develop advanced correlation scenarios for:
    • Endpoint and anti-malware telemetry
    • Policy, compliance, and vulnerability monitoring
    • IOC-based detections
  • Fine-tune alerts, baselines, and thresholds to optimize detection accuracy.
- Threat Intelligence & IOC Management
  • Manage OT threat intelligence and IOC feeds using STIX, SNORT, and YARA formats.
  • Ingest advisories from ICS-CERT, US-CERT, vendors, and threat intelligence sources.
Skills
Compliance, Security, Cybersecurity