SOC OT ANALYST
Job details
Responsible for monitoring, analysing, and responding to OT security alerts triggered by QatarEnergy Cyber Defence Platforms and threat intelligence feeds. Primary responsibilities include detecting anomalies and potential security threats within the OT environment. This involves filtering false-positive alerts, determining whether a critical OT system or data set has been impacted, providing technical analysis, recommending containment and remediation measures, and escalating incidents to OT SMEs when deep technical analysis is required. The role will use a variety of OT/IT tools to analyse and investigate incidents and to take immediate action, or recommend a course of action, to safeguard QatarEnergy OT environments.
Minimum Requirements:
- Bachelor's degree in information security, computer science, or systems engineering.
- 5+ years of experience working in a large-scale OT environment with a focus on Information Security, and knowledge of Operational Technology.
- 1-3 years previous Security Operations Centre experience in conducting IT/OT security monitoring or investigations.
- Demonstrated ability to analyse, triage, and remediate security incidents, with a strong understanding of security incident management and malware management processes.
- Good knowledge of OT, including system administration skills across multiple operating systems (Windows, Unix) and familiarity with SCADA systems.
- Good knowledge of SIEM, SOAR, FW, Sandboxing, VPNs, and enterprise-level cyber security products.
- Understanding of the latest IT/OT cyber security intrusions, attacks, hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques is a big plus.
- Good understanding of cloud, client-server applications, multi-tier web applications, and relational databases.
- Good awareness of IT/OT support processes and governance frameworks, such as COBIT and ITIL.
- Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols and OT segmentations.
- Knowledge of IT/OT security best practices and concepts, including Vulnerability Assessment & Penetration Testing.
- Possession of industry certifications (GCIA, SANS/GIAC, (ISC)², EC-Council, or other relevant cyber security technical certifications).
- Good understanding of Windows logs, Linux logs, SCADA logs, and Firewall logs.