G42
A s a Lead Incident Response \u2013 OT Cyber Security, you bring deep expertise in industrial control systems and a strong foundation in enterprise security to lead complex incident response engagements across OT and IT environments. The role involves conducting threat hunting (across IT and OT), forensic investigations (across IT and OT), and industrial protocol analysis to support safe and effective incident containment and recovery, particularly within critical operational environments. In addition, the role includes delivering technical reports and executive briefings, contributing to incident response playbooks, and supporting the continuous improvement of OT cybersecurity services. Act as the technical lead for IT and OT/ICS incident response engagements and support customers across industrial sectors (energy, utilities, manufacturing, oil & gas, transport). Independently execute assigned tasks following an initial onboarding period, demonstrating accountability and technical ownership. Conduct proactive threat hunting across IT and OT/ICS environments, including SCADA servers, historians, HMIs, and engineering workstations. Perform host-based and network-based forensic investigations across OT and IT environments (Windows HMIs/EWS, Linux-based SCADA systems, enterprise endpoints). Analyze industrial network traffic and protocols (e.g., Modbus, DNP3, EtherNet/IP, OPC-UA/DA, PROFINET, IEC 61850) to determine attack scope and root cause. Lead and support digital forensic investigations (IT and OT), including evidence acquisition, artifact analysis, and timeline reconstruction for IT and OT environments. Assess IT/OT segmentation, Purdue Model alignment, and DMZ configurations during incident scoping and post-incident reviews. Coordinate with operations, engineering, and safety teams to implement containment and recovery actions without impacting critical physical processes. Provide expert guidance on OT security hardening, ICS architecture improvements, and defensive control enhancements. Contribute to OT incident response playbooks, procedures, and documentation, driving continuous service improvement. Produce detailed technical reports and executive briefings, effectively communicating findings to both technical and non-technical stakeholders. Demonstrate thought leadership through knowledge sharing, blog publication, and participation in industry forums. Support on-call incident response activities, including cross-time-zone engagements. Mentor junior team members and contribute to a collaborative, high-performance team culture. Strong understanding of OT/ICS architectures and the Purdue Reference Model (Levels 0\u20134). Strong understand of IT incident response life cycle. Hands-on experience with industrial platforms, including PLCs (Siemens, Allen-Bradley, Schneider), HMIs, DCS, RTUs, and SCADA systems. Deep knowledge of industrial communication protocols, including Modbus TCP/RTU, DNP3, IEC 61850/60870, EtherNet/IP, OPC-UA/DA, PROFINET, and BACnet. Familiarity with Safety Instrumented Systems (SIS) and safety constraints during incident response operations. Understanding of OT asset lifecycle challenges, including patching limitations, legacy systems, and operational constraints. Strong working knowledge of the MITRE ATT&CK for ICS framework. Solid understanding of enterprise networking concepts, TCP/IP, and network architectures. Proficiency in host-based forensics across Windows and Linux systems. Working knowledge of Active Directory, authentication systems, and Windows event logging. Experience with network analysis tools (e.g., Wireshark, Zeek, Suricata, RITA). Ability to perform log analysis across SIEM platforms and OT security monitoring solutions (e.g., Claroty, Dragos, Nozomi, Tenable OT). Basic understanding of malware analysis techniques, including both static and dynamic approaches, with exposure to OT-targeted malware. Strong organizational and prioritization skills, with the ability to work independently in high-pressure environments. Excellent technical report writing and communication skills, delivering both detailed analysis and executive-level summaries. Skills/Certifications (Technical & Non-Technical) : - GIAC Global Industrial Cyber Security Professional (GICSP) \u2014 primary OT certification requirement GIAC Response and Industrial Defense (GRID) \u2014 highly desirable CREST Registered Intrusion Analyst (CRIA) or equivalent \u2014 desirable GIAC Certified in a minimum of one IT discipline: GCIH, GCFE, GCFA, GNFA, GCIA, GDAT, or equivalent Any other certification with proven relevance to incident response and OT cybersecurity Bachelor\u2019s degree in computer science or engineering is desirable but not mandatory A s a Lead Incident Response \u2013 OT Cyber Security, you bring deep expertise in industrial control systems and a strong foundation in enterprise security to lead complex incident response engagements across OT and IT environments. The role involves co
GIAC Global Industrial Cyber Security Professional (GICSP) — primary OT certification requirement; GIAC Response and Industrial Defense (GRID) — highly desirable; CREST Registered Intrusion Analyst (CRIA) or equivalent — desirable; GIAC Certified in a minimum of one IT discipline: GCIH, GCFE, GCFA, GNFA, GCIA, GDAT, or equivalent; Any other certification with proven relevance to incident response and OT cybersecurity; Bachelor’s degree in computer science or engineering is desirable but not mandatory.
Lead and act as technical lead for IT and OT/ICS incident response engagements across industrial sectors (energy, utilities, manufacturing, oil & gas, transport). Conduct threat hunting across IT and OT, forensic investigations across IT and OT, and industrial protocol analysis to support containment and recovery in critical environments. Deliver technical reports and executive briefings, contribute to incident response playbooks, and drive continuous service improvement. Independently execute tasks after onboarding, coordinate with operations, engineering, and safety teams to implement containment and recovery actions without disrupting critical processes. Proactively hunt threats in IT/OT/ICS environments (SCADA servers, historians, HMIs, engineering workstations). Perform host-based and network-based forensics on Windows HMIs/EWS, Linux SCADA, and enterprise endpoints. Analyze industrial networks and protocols (Modbus, DNP3, EtherNet/IP, OPC-UA/DA, PROFINET, IEC 61850) to determine attack scope and root cause. Lead and support digital forensics investigations, including evidence acquisition, artifact analysis, and timeline reconstruction. Assess IT/OT segmentation, Purdue Model alignment, and DMZ configurations during scoping and post-incident reviews. Provide guidance on OT security hardening, ICS architecture improvements, and defensive controls. Contribute to OT incident response playbooks, procedures, and documentation. Produce detailed technical reports and executive summaries for technical and non-technical stakeholders. Share knowledge through blogs and industry forums; support on-call incident response across time zones; mentor junior team members and foster a collaborative, high-performance culture. Maintain strong understanding of OT/ICS architectures, Purdue Model Levels 0-4, and IT incident response lifecycle; hands-on experience with PLCs (Siemens, Allen-Bradley, Schneider), HMIs, DCS, RTUs, SCADA systems; deep knowledge of Modbus TCP/RTU, DNP3, IEC 61850/60870, EtherNet/IP, OPC-UA/DA, PROFINET, BACnet; familiarity with SIS and safety constraints; understanding of OT asset lifecycle challenges; strong networking, Windows/Linux forensics, Active Directory, SIEM tooling (Claroty, Dragos, Nozomi, Tenable OT); malware analysis basics with OT focus; ability to work independently in high-pressure environments; excellent technical writing and communication skills.
AED 8,000 – 15,000/mo