Cyber Security Consultant

<div><p>Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, cloud and data, combined with its deep industry.</p><h3>Job Summary :-</h3><p>The<b>OT Cybersecurity Consultant – L2</b>is responsible for delivering advanced Industrial Control Systems (ICS) and Operational Technology (OT) cybersecurity monitoring, analysis, and incident response services for critical industrial environments. This role involves hands‑on operation, optimization, and consulting across<b>Nozomi Networks, Industrial Defender, and Microsoft Sentinel</b>platforms.</p><p>Acting as a key<b>technical escalation point between L1 analysts and L3 specialists</b>, the consultant ensures secure, compliant, and resilient plant operations while supporting managed security services, threat detection, vulnerability management, and regulatory compliance across OT landscapes.</p><h3>Key Responsibilities</h3><h3>1.ICS/OT Managed Security Monitoring</h3><ul><li>Deliver<b>8x5 managed cybersecurity monitoring services</b>for<b>ICS/OT environments</b>.</li><li>Monitor, analyze, and triage security events using<b>Nozomi Networks, Industrial Defender, and Microsoft Sentinel</b>.</li><li>Identify anomalous behaviors, unauthorized changes, baseline deviations, and potential cyber threats.</li><li>Validate alerts, reduce false positives, and continuously tune and optimize alerting mechanisms.</li></ul><h3>2. OT Security Platform Consulting&Operations</h3><ul><li>Monitor OT network traffic, asset discovery, vulnerabilities, and behavioral anomalies.</li><li>Analyze industrial protocol traffic including<b>Modbus, DNP3, Profinet, OPC-UA/DA</b>, and others.</li><li>Identify dominant cyber risks, unsafe commands, and abnormal process behaviors.</li><li>Manage OT asset inventories, configuration baselines, vulnerability data, and compliance reporting.</li><li>Detect unauthorized configuration or firmware changes across<b>ICS assets</b>.</li><li>Support compliance initiatives aligned with<b>IEC 62443, NIST</b>, and internal organizational standards.</li></ul><h3>Microsoft Sentinel</h3><ul><li>Integrate OT security logs and alerts into<b>Microsoft Sentinel</b>.</li><li>Develop, tune, and optimize<b>analytics rules, correlation logic, workbooks, and alert workflows</b>.</li><li>Correlate IT and OT telemetry to enhance threat detection and situational awareness.</li></ul><h3>3. Security Event Management&Use Case Development</h3><ul><li>Design and implement custom OT security detection use cases.</li><li>Network sensor telemetry</li><li>Endpoint and anti-malware logs</li><li>Policy, compliance, and vulnerability data</li><li>IOC-based detections</li><li>Fine‑tune alert thresholds and baselines to improve detection accuracy and operational relevance.</li></ul><h3>4. Threat Intelligence&IOC Management</h3><ul><li>Manage OT threat intelligence and IOC feeds using<b>STIX, SNORT, and YARA</b>formats.</li><li>Ingest and analyze advisories from<b>ICS-CERT, US-CERT, OEM vendors</b>, and intelligence providers.</li><li>Identify known malicious activity, rogue devices, suspicious accounts, and threat indicators in OT environments.</li></ul><h3>5. Vulnerability, Risk&Compliance Consulting</h3><ul><li>Identify and classify critical<b>ICS/OT assets</b>and determine their cyber risk exposure.</li><li>Monitor vulnerabilities across<b>PLCs, RTUs, HMIs, servers, and OT network devices</b>.</li><li>Identify non‑compliant assets, insecure configurations, and process deviations.</li><li>Support remediation planning aligned with<b>Work Permit (WP)</b>and<b>Management of Change (MOC)</b>processes.</li><li>Onboard OT assets using:</li><li><b>Agentless methods</b>(Nozomi Networks)</li><li>Decommission and retire obsolete assets from monitoring platforms.</li><li>Onboard and normalize OT and IT log sources into<b>Microsoft Sentinel</b>.</li><li>Enhance event parsing, detection logic, and rule libraries.</li><li>Configure advanced monitoring such as<b>process, registry, and socket-level monitoring</b>.</li></ul><h3>7.ICS/OT Protocol&Process Security</h3><ul><li>Monitor and analyze industrial communication protocols including:</li><li>Modbus</li><li>DNP3</li><li>Profinet</li><li>OPC-UA / OPC-DA</li><li>Detect unsafe control commands, process manipulation risks, and industrial‑specific attack patterns.</li><li>Identify non‑compliant operational processes and unauthorized control activities.</li><li>Perform continuous cyber