OT SOC Analyst Level 2

Accenture

Riyadh, Saudi Arabia

Ref: PP000-28258

Job description / Role

Job Type: Full Time
Job Location: Riyadh, Saudi Arabia
Nationality: Any Nationality
Salary: Not Specified
Gender: Not Specified
Arabic Fluency: Not Specified
Job Function: Safety & Environment
Company Industry: IT, Software & Internet Services

About Accenture

Accenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer strategy and consulting, Song, technology and operations services - all powered by the world's largest network of advanced technology and intelligent operations centers. Our 791,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities.

About Accenture Security

Join Accenture Security to pioneer security solutions that blend risk strategy, digital identity, cyber defense, application security and managed services. Using the coolest next-gen tech, you'll have every chance to stay one step ahead of cybercrime and out-hack the hackers.

Accenture Security provides comprehensive security services - from security strategy development to business transformation, to managed security services - on demand and at a global scale to help mitigate risks and take full advantage of advanced technologies and proven risk management models. Our experienced team of global security professionals helps businesses understand their risks and build resilience from the inside out, giving them the confidence to focus on what matters most: innovation and business growth.

Responsibilities and Accountabilities

  • Able to assess current state capabilities, identify gaps, and plan initiatives to address gaps and accomplish project goals.
  • Building out cybersecurity monitoring and response functions in operational environments.
  • Assessing OT security capabilities—specifically security operations and SOC capabilities.
  • Develop integrated communication plans between OT SOC, IT SOC and business.
  • Security event monitoring and alerting using Splunk (Level 1), and leveraging the OT cybersecurity visibility tool (Nozomi) for detailed analysis and improvement (Level 2).
  • Cyber security incident management.
  • Liaise with IT/OT cybersecurity teams and site teams.
  • Manage support tickets raised by Level 1, perform security event analysis, and provide recommendations related to OT.
  • Help confirm incident tickets are updated and closed with all actions performed.
  • Build and maintain operating procedures and documentation (playbooks and incident response plan).
  • Re-classify security incidents based on their impact.
  • Operational reports and dashboards will be provided out of the box by the OT platform.
  • Update and maintain standard operating procedures and knowledge base documentation, which will be stored and maintained in the customer-provided SharePoint site.
  • Monitoring and triage of OT security alerts (enrichment, log analysis, false positive suppression).
  • Incident identification and prioritization.
  • Log qualified incidents into client's ITSM and coordinate with client CSIRT and resolver groups across the full lifecycle.
  • Provide remediation recommendations based on reaction plans.
  • Incident management and escalation to client CSIRT and/or external incident response teams according to playbooks.
  • Categorize, document, measure, and report security incidents.
  • Familiar with SIEM solutions and with integrating OT security products into SIEM.
  • Familiar with OT asset inventory and vulnerability management solutions such as Nozomi, Dragos, etc.; certification is an added value.
  • Use case development and tuning for OT security threat detections.
  • Familiar with OT SOAR solution integration and with developing and improving playbook content.
  • Familiar with OT forensics tools and PCAP analysis.
  • Familiar with OT threat intelligence and threat hunting reports for major and well-known OT cyber incidents, and able to provide SMART recommendations to the organization.
  • GRID certificate or official training is an added value and a plus for the candidate.

Skills and Qualifications

  • More than 7 years of experience overall (mixed between mainstream automation systems exposure and OT cybersecurity exposure).
  • Proven track record in IT/OT cybersecurity general management consulting with stakeholder engagement and relationship management skills.
  • Excellent communication (written and oral) and interpersonal skills.
  • Ability to work creatively and analytically in a problem-solving environment.
  • Fluent in Arabic and English.
  • Ability to effectively communicate insights relating to an organization's threat environment to improve its risk management posture.
  • Ability to work with the organization's leadership to provide a comprehensive, organization-wide approach to address OT cybersecurity risk and compliance.
  • Ability to develop and maintain incident response OT cybersecurity policies, standards, and related documentation.
  • Ability to communicate technical and planning information at the same level as a stakeholder's understanding.
  • Knowledge and understanding of risk assessment, mitigation, and treatment methods.
  • Knowledge of relevant OT cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy.
  • Knowledge of OT cybersecurity threats and vulnerabilities posed by new technologies and malicious actors.
  • Knowledge of supervisory control and data acquisition system components.
  • Knowledge of ICS operating environments and functions.
  • Knowledge of ICS network architectures and communication protocols.
  • Knowledge of ICS devices and industrial programming languages.
  • Knowledge of intrusion detection methodologies and techniques for detecting ICS intrusions.
  • Knowledge of the likely operational impact on an organization of OT cybersecurity breaches.
  • Knowledge of OT cybersecurity authentication, authorization, and access control methods.
  • Knowledge of vulnerabilities in applications and their likely impact.
  • Knowledge of national OT cybersecurity laws and regulations such as NCA ECC, OTCC, etc.
  • Knowledge of common information security standards, such as IEC-62443, NCA, NERC-CIP, C2M2, ISO 27001/27002, NIST, etc.

Preferred Qualifications

  • Bachelor's degree in engineering, information security or relevant field.
  • 7+ years of experience overall (mixed between mainstream automation systems exposure and OT cybersecurity exposure).
  • Certification in GICSP, GRID or equivalent certifications is an added value.

Why Join Us?

We offer a transparent, fast-paced approach to career progression, with a focus on your strengths and continuous coaching from senior colleagues. You will benefit from working alongside Accenture experts who are solving some of the biggest industry challenges with innovative thinking and pioneering tools. We also offer flexible work arrangements and a range of benefits, including competitive rewards.

You will have access to state-of-the-art technology that will give you the opportunity to deepen your existing skills even as you help create the latest business trends. You will also have opportunities to make a difference to the communities in which we work and live.

About Accenture

Accenture is a leading global professional services company that helps the world's leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent- and innovation-led company with approximately 791,000 people serving clients in more than 120 countries.

Technology is at the core of change today, and we are one of the world's leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology and leadership in cloud, data and AI with unmatched industry experience, functional expertise and global delivery capability.

Our broad range of services, solutions and assets across strategy and consulting, technology, operations, Industry X and Song, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients reinvent and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities.

Equal Employment Opportunity Statement

We believe that no one should be discriminated against because of their differences. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, sexual orientation, gender identity or expression, marital status, citizenship status or any other basis as protected by applicable law.

Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities.
