OT Cybersecurity Consultant: ICS/OT Monitoring & Response
Capgemini
Abu Dhabi, UAE | AED 10,000-16,667/mo | Today
UAE | IT & Technology | Full Time
Skills Required
Git, ERP, Communication
Job Description
<p>Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, cloud and data, combined with its deep industry.</p><p><strong>Job Summary:</strong></p><p>The <strong>OT Cybersecurity Consultant – L2</strong> is responsible for delivering advanced Industrial Control Systems (ICS) and Operational Technology (OT) cybersecurity monitoring, analysis, and incident response services for critical industrial environments. This role involves hands-on operation, optimization, and consulting across <strong>Nozomi Networks, Industrial Defender, and Microsoft Sentinel</strong> platforms.</p><p>Acting as a key <strong>technical escalation point between L1 analysts and L3 specialists</strong>, the consultant ensures secure, compliant, and resilient plant operations while supporting managed security services, threat detection, vulnerability management, and regulatory compliance across OT landscapes.</p><p><strong>Key Responsibilities</strong></p><p><strong>1. 
ICS/OT Managed Security Monitoring</strong></p><ul><li>Deliver <strong>8x5 managed cybersecurity monitoring services</strong> for ICS/OT environments.</li><li>Monitor, analyze, and triage security events using <strong>Nozomi Networks, Industrial Defender, and Microsoft Sentinel</strong>.</li><li>Identify anomalous behaviors, unauthorized changes, baseline deviations, and potential cyber threats.</li><li>Validate alerts, reduce false positives, and continuously tune and optimize alerting mechanisms.</li></ul><p><strong>2. OT Security Platform Consulting &amp; Operations</strong></p><ul><li>Monitor OT network traffic, asset discovery, vulnerabilities, and behavioral anomalies.</li><li>Analyze industrial protocol traffic including <strong>Modbus, DNP3, Profinet, OPC-UA/DA</strong>, and others.</li><li>Identify dominant cyber risks, unsafe commands, and abnormal process behaviors.</li><li>Manage OT asset inventories, configuration baselines, vulnerability data, and compliance reporting.</li><li>Detect unauthorized configuration or firmware changes across ICS assets.</li><li>Support compliance initiatives aligned with <strong>IEC 62443, NIST</strong>, and internal organizational standards.</li></ul><p><strong>Microsoft Sentinel</strong></p><ul><li>Integrate OT security logs and alerts into <strong>Microsoft Sentinel</strong>.</li><li>Develop, tune, and optimize <strong>analytics rules, correlation logic, workbooks, and alert workflows</strong>.</li><li>Correlate IT and OT telemetry to enhance threat detection and situational awareness.</li></ul><p><strong>3. Security Event Management &amp; Use Case Development</strong></p><ul><li>Design and implement custom OT security detection use cases.</li><li>Network sensor telemetry</li><li>Endpoint and anti-malware logs</li><li>Policy, compliance, and vulnerability data</li><li>IOC-based detections</li><li>Fine-tune alert thresholds and baselines to improve detection accuracy and operational relevance.</li></ul><p><strong>4. 
Threat Intelligence &amp; IOC Management</strong></p><ul><li>Manage OT threat intelligence and IOC feeds using <strong>STIX, SNORT, and YARA</strong> formats.</li><li>Ingest and analyze advisories from <strong>ICS-CERT, US-CERT, OEM vendors</strong>, and intelligence providers.</li><li>Identify known malicious activity, rogue devices, suspicious accounts, and threat indicators in OT environments.</li></ul><p><strong>5. Vulnerability, Risk &amp; Compliance Consulting</strong></p><ul><li>Identify and classify critical ICS/OT assets and determine their cyber risk exposure.</li><li>Monitor vulnerabilities across <strong>PLCs, RTUs, HMIs, servers, and OT network devices</strong>.</li><li>Identify non-compliant assets, insecure configurations, and process deviations.</li><li>Support remediation planning aligned with <strong>Work Permit (WP)</strong> and <strong>Management of Change (MOC)</strong> processes.</li><li>Onboard OT assets using:</li><li><strong>Agentless methods</strong> (Nozomi Networks)</li><li>Decommission and retire obsolete assets from monitoring platforms.</li><li>Onboard and normalize OT and IT log sources into Microsoft Sentinel.</li><li>Enhance event parsing, detection logic, and rule libraries.</li><li>Configure advanced monitoring such as <strong>process, registry, and socket-level monitoring</strong>.</li></ul><p><strong>7. ICS/OT Protocol &amp; Process Security</strong></p><ul><li>Monitor and analyze industrial communication protocols including:</li><li>Modbus</li><li>DNP3</li>