About Capgemini
Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, cloud and data, combined with its deep industry.
Job Summary :-
The OT Cybersecurity Consultant – L2 is responsible for delivering advanced Industrial Control Systems (ICS) and Operational Technology (OT) cybersecurity monitoring, analysis, and incident response services for critical industrial environments. This role involves hands-on operation, optimization, and consulting across Nozomi Networks, Industrial Defender, and Microsoft Sentinel platforms.
Acting as a key technical escalation point between L1 analysts and L3 specialists, the consultant ensures secure, compliant, and resilient plant operations while supporting managed security services, threat detection, vulnerability management, and regulatory compliance across OT landscapes.
Key Responsibilities
1. ICS/OT Managed Security Monitoring
- Deliver 8x5 managed cybersecurity monitoring services for ICS/OT environments.
- Monitor, analyze, and triage security events using Nozomi Networks, Industrial Defender, and Microsoft Sentinel.
- Identify anomalous behaviors, unauthorized changes, baseline deviations, and potential cyber threats.
- Validate alerts, reduce false positives, and continuously tune and optimize alerting mechanisms.
2. OT Security Platform Consulting & Operations
Nozomi Networks
- Monitor OT network traffic, asset discovery, vulnerabilities, and behavioral anomalies.
- Analyze industrial protocol traffic including Modbus, DNP3, Profinet, OPC-UA/DA, and others.
- Identify dominant cyber risks, unsafe commands, and abnormal process behaviors.
Industrial Defender
- Manage OT asset inventories, configuration baselines, vulnerability data, and compliance reporting.
- Detect unauthorized configuration or firmware changes across ICS assets.
- Support compliance initiatives aligned with IEC 62443, NIST, and internal organizational standards.
Microsoft Sentinel
- Integrate OT security logs and alerts into Microsoft Sentinel.
- Develop, tune, and optimize analytics rules, correlation logic, workbooks, and alert workflows.
- Correlate IT and OT telemetry to enhance threat detection and situational awareness.
3. Security Event Management & Use Case Development
- Design and implement custom OT security detection use cases.
- Develop advanced correlation scenarios using:
- Plant process data
- Network sensor telemetry
- Endpoint and anti-malware logs
- Policy, compliance, and vulnerability data
- IOC-based detections
- Fine-tune alert thresholds and baselines to improve detection accuracy and operational relevance.
4. Threat Intelligence & IOC Management
- Manage OT threat intelligence and IOC feeds using STIX, SNORT, and YARA formats.
- Ingest and analyze advisories from ICS-CERT, US-CERT, OEM vendors, and intelligence providers.
- Identify known malicious activity, rogue devices, suspicious accounts, and threat indicators in OT environments.
5. Vulnerability, Risk & Compliance Consulting
- Identify and classify critical ICS/OT assets and determine their cyber risk exposure.
- Monitor vulnerabilities across PLCs, RTUs, HMIs, servers, and OT network devices.
- Identify non-compliant assets, insecure configurations, and process deviations.
- Support remediation planning aligned with Work Permit (WP) and Management of Change (MOC) processes.
6. Asset, Log Source & Integration Management
- Onboard OT assets using:
- Agentless methods (Nozomi Networks)
- Agent-based methods (Industrial Defender)
- Decommission and retire obsolete assets from monitoring platforms.
- Onboard and normalize OT and IT log sources into Microsoft Sentinel.
- Enhance event parsing, detection logic, and rule libraries.
- Configure advanced monitoring such as process, registry, and socket-level monitoring.
7. ICS/OT Protocol & Process Security
- Monitor and analyze industrial communication protocols including:
- Modbus
- DNP3
- Profinet
- OPC-UA / OPC-DA
- Detect unsafe control commands, process manipulation risks, and industrial-specific attack patterns.
- Identify non-compliant operational processes and unauthorized control activities.
8. Incident Response, Investigation & Threat Hunting
- Perform continuous cyber monitoring and risk assessments.
- Handle and analyze:
- Up to 10 ICS/OT cybersecurity incidents, including root cause analysis
- Up to 15 investigation requests from Information Security teams
- Conduct proactive threat hunting and report a minimum of 5 significant OT risk findings.
- Collect forensic artifacts and support L3 teams during complex investigations.
- Escalate incidents with clear risk, impact, and remediation recommendations.
9. Reporting, Documentation & Stakeholder Support
- Produce operational, security, and compliance reports.
- Maintain accurate documentation to support:
- Compliance and audits
- Disaster Recovery (DR)
- SOPs and operational procedures
- Support internal and external stakeholders on OT cybersecurity posture and risk assessments.
Required Skills & Qualifications
Technical Skills
- Hands-on experience with Nozomi Networks, Industrial Defender, and Microsoft Sentinel
- Strong knowledge of ICS/OT architecture, Purdue Model, and industrial control environments
- Experience in SIEM correlation, alert tuning, and detection use case development
- Solid understanding of ICS protocols, OT threat vectors, and vulnerability management
- Incident response and forensic analysis experience in OT environments
Soft Skills
- Strong consulting mindset with analytical and problem-solving abilities
- Ability to articulate complex OT security risks to both technical and non-technical stakeholders
- Comfortable working in 24x7 operational and escalated support environments
Experience :
- 10–12 years of cybersecurity experience
- 5+ years in ICS/OT cybersecurity or industrial control environments
Preferred Certifications
- GICSP
- IEC 62443 (Foundation / Practitioner)
- GCIA / GRID
- CISSP / CISM
- Microsoft Sentinel / SC-200
Why Capgemini is unique
At Capgemini we don’t just believe in Diversity & Inclusion, we actively go out to making it a working reality. Driven by our core values and Active Inclusion Campaign, we build environments where you can bring you whole self to work.
We aim to build an environment where employees can enjoy a positive work-life balance. Through our New Normal campaign, we are looking to embed hybrid working in all that we do and make flexible working arrangements the day-to-day reality for our people.
