Job Description

Overview

As a Lead Incident Response – OT Cyber Security, you bring deep expertise in industrial control systems and a strong foundation in enterprise security to lead complex incident response engagements across OT and IT environments.

The role involves conducting threat hunting (across IT and OT), forensic investigations (across IT and OT), and industrial protocol analysis to support safe and effective incident containment and recovery, particularly within critical operational environments.

In addition, the role includes delivering technical reports and executive briefings, contributing to incident response playbooks, and supporting the continuous improvement of OT cybersecurity services.

Responsibilities

Key Responsibilities :-

Act as the technical lead for IT and OT/ICS incident response engagements and support customers across industrial sectors (energy, utilities, manufacturing, oil & gas, transport).

Independently execute assigned tasks following an initial onboarding period, demonstrating accountability and technical ownership.

Conduct proactive threat hunting across IT and OT/ICS environments, including SCADA servers, historians, HMIs, and engineering workstations.

Perform host-based and network-based forensic investigations across OT and IT environments (Windows HMIs/EWS, Linux-based SCADA systems, enterprise endpoints).

Analyze industrial network traffic and protocols (e.g., Modbus, DNP3, EtherNet/IP, OPC-UA/DA, PROFINET, IEC 61850) to determine attack scope and root cause.

Lead and support digital forensic investigations (IT and OT), including evidence acquisition, artifact analysis, and timeline reconstruction for IT and OT environments.

Assess IT/OT segmentation, Purdue Model alignment, and DMZ configurations during incident scoping and post-incident reviews.

Coordinate with operations, engineering, and safety teams to implement containment and recovery actions without impacting critical physical processes.

Provide expert guidance on OT security hardening, ICS architecture improvements, and defensive control enhancements.

Contribute to OT incident response playbooks, procedures, and documentation, driving continuous service improvement.

Produce detailed technical reports and executive briefings, effectively communicating findings to both technical and non-technical stakeholders.

Demonstrate thought leadership through knowledge sharing, blog publication, and participation in industry forums.

Support on-call incident response activities, including cross-time-zone engagements.

Mentor junior team members and contribute to a collaborative, high-performance team culture.

Strong understanding of OT/ICS architectures and the Purdue Reference Model (Levels 0–4).

Strong understand of IT incident response life cycle.

Hands-on experience with industrial platforms, including PLCs (Siemens, Allen-Bradley, Schneider), HMIs, DCS, RTUs, and SCADA systems.

Deep knowledge of industrial communication protocols, including Modbus TCP/RTU, DNP3, IEC 61850/60870, EtherNet/IP, OPC-UA/DA, PROFINET, and BACnet.

Familiarity with Safety Instrumented Systems (SIS) and safety constraints during incident response operations.

Understanding of OT asset lifecycle challenges, including patching limitations, legacy systems, and operational constraints.

Technical Skills : -

Strong working knowledge of the MITRE ATT&CK for ICS framework.

Solid understanding of enterprise networking concepts, TCP/IP, and network architectures.

Proficiency in host-based forensics across Windows and Linux systems.

Working knowledge of Active Directory, authentication systems, and Windows event logging.

Experience with network analysis tools (e.g., Wireshark, Zeek, Suricata, RITA).

Ability to perform log analysis across SIEM platforms and OT security monitoring solutions (e.g., Claroty, Dragos, Nozomi, Tenable OT).

Basic understanding of malware analysis techniques, including both static and dynamic approaches, with exposure to OT-targeted malware.

Strong organizational and prioritization skills, with the ability to work independently in high-pressure environments.

Excellent technical report writing and communication skills, delivering both detailed analysis and executive-level summaries.

Qualifications

Skills/Certifications (Technical & Non-Technical) : -

GIAC Global Industrial Cyber Security Professional (GICSP) — primary OT certification requirement

GIAC Response and Industrial Defense (GRID) — highly desirable

CREST Registered Intrusion Analyst (CRIA) or equivalent — desirable

GIAC Certified in a minimum of one IT discipline: GCIH, GCFE, GCFA, GNFA, GCIA, GDAT, or equivalent

Any other certification with proven relevance to incident response and OT cybersecurity

Minimum Work Experience : -

8 Years

Education : -

Bachelor’s degree in computer science or engineering is desirable but not mandatory


Job Details

Role Level: Not Applicable Work Type: Full-Time
Country: United Arab Emirates City: Abu Dhabi
Company Website: https://cpx.net/ Job Function: Cybersecurity
Company Industry/
Sector:
Other

What We Offer


About the Company

Searching, interviewing and hiring are all part of the professional life. The TALENTMATE Portal idea is to fill and help professionals doing one of them by bringing together the requisites under One Roof. Whether you're hunting for your Next Job Opportunity or Looking for Potential Employers, we're here to lend you a Helping Hand.

Report

Disclaimer: talentmate.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@talentmate.com.


Recent Jobs
View More Jobs
Talentmate Instagram Talentmate Facebook Talentmate YouTube Talentmate LinkedIn