Job Description

Overview

The OT Lead Analyst (Sector Domain) is the liaison officer representing the sector in the OT SOC and the OT SOC in the sector. The role communicates activities, decisions, etc. to the sector stakeholders.

Responsibilities

  • Hold and provide all sector-specific knowledge for all activities (incident response, threat hunting, etc.)
  • Coordinate mutual efforts between the OT SOC and the sector, for example mutual incident response investigations
  • Establishing and maintaining relationships with internal and external stakeholders like suppliers, customers and incident response and security teams.
  • Creating and maintaining a comprehensive understanding of global/sector related cybersecurity risks and market requirements, including regulations and standards.
  • Supporting customers and teams with customer/sector cybersecurity questions and questionnaires
  • Representing OT SOC as a thought leader and expert in customer discussions regarding cybersecurity and sector related discussions
  • Perform assessments to monitor adherence to applicable cybersecurity policies and industry best practices
  • Actively contributing to identifying, managing and reducing cybersecurity risks.
  • Support and drive internal cybersecurity awareness and training programs.
  • Active involvement in management discussions
  • Must be an articulate and persuasive leader who is able to communicate security related concepts to a broad range of technical and non-technical staff.
  • Coordinated efforts in line with the bigger picture to maximize the overall value of SOC delivery.
  • Collaborate and build relationships with internal and external parties to support SOC operations and sector related initiatives
  • Self-motivated, curious, and knowledgeable about information security news and current events.
  • Highly results-oriented and able to work independently.
  • Ability to build relationships and interact effectively with internal and external parties.
  • Comfortable with a high-tech work environment and constant learning of new tools and innovations

Qualifications

  • Overall 8+ years’ experience working in a large-scale OT environment with focus on Information Security.
  • Overall 8+ years’ experience working in a specific sector (Healthcare, Critical Infrastructure, Transportation, Finance, Utilities)
  • Minimum 5 years’ experience in Information and Cyber Security.
  • Any Bachelor’s Degree in Computer Science or Information Technology
  • ISC2 Certified Information Systems Security Professional (CISSP) and/or
  • GIAC Certification
  • Sector related certification(s)
  • Possess strong people and process management skills.
  • Proven skills in program management including project initiation, scoping, resourcing, scheduling, budgeting, risk management and communication.
  • Excellent interpersonal, presentation and facilitation skills.
  • Good analytical, technical, written and verbal communication skills.
  • Ability to multi-task in a fast-paced and demanding work environment.
  • Ability to lead a team with good co-ordination skills.
  • Good working knowledge of Office tools.
  • Ability to work effectively in a team and to lead a team to accomplish SOC goals and objectives.
  • Knowledge of current and emerging threats/threat vectors.
  • Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
  • Knowledge of new and emerging information technology (IT) and information security technologies.
  • Knowledge of Information security GRC, standards, best practices and concepts.
  • Knowledge of applicable Information and cyber security related laws and regulations.
  • Knowledge of disaster recovery and continuity of operations plans.
  • Knowledge of Cyber kill chain and other frameworks such as NIST, ISO, SANS, etc.
  • Knowledge of defense-in-depth techniques and of different classes of attacks (e.g., passive, active, insider, close-in, distribution)
  • Knowledge of different operational threat environments (e.g., first generation [script kiddies], second generation [non-nation state sponsored], and third generation [nation state sponsored]).
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of hacking methodologies in Windows or Unix/Linux environments, of surveillance, and of penetration testing principles, tools, and techniques (e.g., Metasploit, Neosploit).
  • Knowledge of programming language structures and logic.
  • Knowledge of webmail collection, searching/analyzing techniques, tools, and cookies Web Technology.
  • Skill in performing damage assessments.
  • Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
  • Knowledge of malware and malware analysis tools (e.g., OllyDbg, IDA Pro).
  • Skill in analyzing anomalous code as malicious or benign.
  • Knowledge of types and collection of persistent data and of basic concepts and practices of processing digital forensic data.
  • Skill in analyzing memory dumps to extract information and in analyzing volatile data and identifying obfuscation techniques.
  • Knowledge of forensic processes for seizing and preserving digital evidence (e.g., chain of custody).
  • Skill in preserving evidence integrity according to standard operating procedures or national standards
  • Knowledge of OT sensors (Nozomi, Dragos, Claroty)
  • Knowledge of IEC 62443


Job Details

Role Level: Mid-Level
Work Type: Full-Time
Country: United Arab Emirates
City: Abu Dhabi
Company Website: https://cpx.net/
Job Function: Information Technology (IT)
Company Industry/Sector: Computer and Network Security
