OT Cybersecurity Consultant: ICS/OT Monitoring & Response

Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, cloud and data, combined with its deep industry.Job Summary :-The OT Cybersecurity Consultant – L2 is responsible for delivering advanced Industrial Control Systems (ICS) and Operational Technology (OT) cybersecurity monitoring, analysis, and incident response services for critical industrial environments. This role involves hands-on operation, optimization, and consulting across Nozomi Networks, Industrial Defender, and Microsoft Sentinel platforms.Acting as a key technical escalation point between L1 analysts and L3 specialists, the consultant ensures secure, compliant, and resilient plant operations while supporting managed security services, threat detection, vulnerability management, and regulatory compliance across OT landscapes.Key Responsibilities1. ICS/OT Managed Security MonitoringDeliver 8x5 managed cybersecurity monitoring services for ICS/OT environments.Monitor, analyze, and triage security events using Nozomi Networks, Industrial Defender, and Microsoft Sentinel.Identify anomalous behaviors, unauthorized changes, baseline deviations, and potential cyber threats.Validate alerts, reduce false positives, and continuously tune and optimize alerting mechanisms.2. OT Security Platform Consulting & OperationsMonitor OT network traffic, asset discovery, vulnerabilities, and behavioral anomalies.Analyze industrial protocol traffic including Modbus, DNP3, Profinet, OPC-UA/DA, and others.Identify dominant cyber risks, unsafe commands, and abnormal process behaviors.Manage OT asset inventories, configuration baselines, vulnerability data, and compliance reporting.Detect unauthorized configuration or firmware changes across ICS assets.Support compliance initiatives aligned with IEC 62443, NIST, and internal organizational standards.Microsoft SentinelIntegrate OT security logs and alerts into Microsoft Sentinel.Develop, tune, and optimize analytics rules, correlation logic, workbooks, and alert workflows.Correlate IT and OT telemetry to enhance threat detection and situational awareness.3. Security Event Management & Use Case DevelopmentDesign and implement custom OT security detection use cases.Network sensor telemetryEndpoint and anti-malware logsPolicy, compliance, and vulnerability dataIOC-based detectionsFine-tune alert thresholds and baselines to improve detection accuracy and operational relevance.4. Threat Intelligence & IOC ManagementManage OT threat intelligence and IOC feeds using STIX, SNORT, and YARA formats.Ingest and analyze advisories from ICS-CERT, US-CERT, OEM vendors, and intelligence providers.Identify known malicious activity, rogue devices, suspicious accounts, and threat indicators in OT environments.5. Vulnerability, Risk & Compliance ConsultingIdentify and classify critical ICS/OT assets and determine their cyber risk exposure.Monitor vulnerabilities across PLCs, RTUs, HMIs, servers, and OT network devices.Identify non-compliant assets, insecure configurations, and process deviations.Support remediation planning aligned with Work Permit (WP) and Management of Change (MOC) processes.Onboard OT assets using:Agentless methods (Nozomi Networks)Decommission and retire obsolete assets from monitoring platforms.Onboard and normalize OT and IT log sources into Microsoft Sentinel.Enhance event parsing, detection logic, and rule libraries.Configure advanced monitoring such as process, registry, and socket-level monitoring.7. ICS/OT Protocol & Process SecurityMonitor and analyze industrial communication protocols including:ModbusDNP3ProfinetOPC-UA / OPC-DADetect unsafe control commands, process manipulation risks, and industrial-specific attack patterns.Identify non-compliant operational processes and unauthorized control activities.Perform continuous cyber monitoring and risk assessments.Handle and analyze:Up to 10 ICS/OT cybersecurity incidents, including root cause analysisUp to 15 investigation requests from Information Security teamsConduct proactive threat hunting and report a minimum of 5 significant OT risk findings.Collect forensic artifacts and support L3 teams during complex investigations.Escalate incidents with clear risk, impact, and remediation recommendations.9. Reporting, Documentation & Stakeholder SupportProduce operational, security, and compliance reports.Maintain accurate documentation to support:Compliance and auditsDisaster Recovery (DR)SOPs a