Cyber Security Consultant

About Capgemini

OT Cybersecurity Consultant – L2

Nozomi Networks, Industrial Defender, and Microsoft Sentinel

1. ICS And OT Managed Security Monitoring

• Deliver
• 8x5 managed cybersecurity monitoring services
• for ICS/OT environments.
• Monitor, analyze, and triage security events using

Nozomi Networks, Industrial Defender, and Microsoft Sentinel

• .
• Identify anomalous behaviors, unauthorized changes, baseline deviations, and potential cyber threats.
• Validate alerts, reduce false positives, and continuously tune and optimize alerting mechanisms.

Nozomi Networks

• Monitor OT network traffic, asset discovery, vulnerabilities, and behavioral anomalies.
• Analyze industrial protocol traffic including

Modbus, DNP3, Profinet, OPC-UA And DA

• , and others.
• Identify dominant cyber risks, unsafe commands, and abnormal process behaviors.

Industrial Defender

• Manage OT asset inventories, configuration baselines, vulnerability data, and compliance reporting.
• Detect unauthorized configuration or firmware changes across ICS assets.
• Support compliance initiatives aligned with

IEC 62443, NIST

Microsoft Sentinel

• Integrate OT security logs and alerts into

Microsoft Sentinel

• .
• Develop, tune, and optimize
• analytics rules, correlation logic, workbooks, and alert workflows
• .
• Correlate IT and OT telemetry to enhance threat detection and situational awareness.
• 3.
• Security Event Management & Use Case Development
• Design and implement custom OT security detection use cases.
• Develop advanced correlation scenarios using:
• Plant process data
• Network sensor telemetry
• Endpoint and anti-malware logs
• Policy, compliance, and vulnerability data
• IOC-based detections
• Fine-tune alert thresholds and baselines to improve detection accuracy and operational relevance.

4. Threat Intelligence & IOC Management

• Manage OT threat intelligence and IOC feeds using

STIX, SNORT, and YARA

• formats.
• Ingest and analyze advisories from

ICS-CERT, US-CERT, OEM vendors

• , and intelligence providers.
• Identify known malicious activity, rogue devices, suspicious accounts, and threat indicators in OT environments.

5. Vulnerability, Risk & Compliance Consulting

• Identify and classify critical ICS/OT assets and determine their cyber risk exposure.
• Monitor vulnerabilities across
• PLCs, RTUs, HMIs, servers, and OT network devices
• .
• Identify non-compliant assets, insecure configurations, and process deviations.
• Support remediation planning aligned with

Work Permit (Wp)

Management Of Change (Moc)

6. Asset, Log Source & Integration Management

• Onboard OT assets using:
• **Agentless methods**

(Nozomi Networks)

• **Agent-based methods**

(Industrial Defender)

• Decommission and retire obsolete assets from monitoring platforms.
• Onboard and normalize OT and IT log sources into Microsoft Sentinel.
• Enhance event parsing, detection logic, and rule libraries.
• Configure advanced monitoring such as
• process, registry, and socket-level monitoring
• .

7. ICS And OT Protocol & Process Security

• Monitor and analyze industrial communication protocols including:
• Modbus
• DNP3
• Profinet

• OPC-UA And OPC-DA

• Detect unsafe control commands, process manipulation risks, and industrial-specific attack patterns.
• Identify non-compliant operational processes and unauthorized control activities.

8. Incident Response, Investigation & Threat Hunting

• Perform continuous cyber monitoring and risk assessments.
• Handle and analyze:
• Up to
• 10 ICS/OT cybersecurity incidents
• , including root cause analysis
• Up to
• 15 investigation requests
• from Information Security teams
• Conduct proactive threat hunting and report a minimum of
• 5 significant OT risk findings
• .
• Collect forensic artifacts and support
• L3 teams
• during complex investigations.
• Escalate incidents with clear
• risk, impact, and remediation recommendations
• .

9. Reporting, Documentation & Stakeholder Support

• Produce operational, security, and compliance reports.
• Maintain accurate documentation to support:
• Compliance and audits

• Disaster Recovery (DR)

• SOPs and operational procedures
• Support internal and external stakeholders on OT cybersecurity posture and risk assessments.

Technical Skills

• Hands-on experience with

Nozomi Networks, Industrial Defender, and Microsoft Sentinel

• Strong knowledge of
• ICS/OT architecture
• , Purdue Model, and industrial control environments
• Experience in
• SIEM correlation, alert tuning, and detection use case development
• Solid understanding of
• ICS protocols, OT threat vectors, and vulnerability management
• Incident response and forensic analysis experience in OT environments

Soft Skills

• Strong consulting mindset with analytical and problem-solving abilities
• Ability to articulate complex OT security risks to both technical and non-technical stakeholders
• Comfortable working in
• 24x7 operational and escalated support environments

Experience

• **10–12 years**
• of cybersecurity experience
• **5+ years**
• in ICS/OT cybersecurity or industrial control environments

Preferred Certifications

• **GICSP**
• **IEC 62443 (Foundation / Practitioner)**
• **GCIA / GRID**
• **CISSP / CISM**
• **Microsoft Sentinel / SC-200**
• Why Capgemini is unique
• At Capgemini we don’t just believe in Diversity & Inclusion, we actively go out to making it a working reality.
• Driven by our core values and Active Inclusion Campaign, we build environments where you can bring you whole self to work.
• We aim to build an environment where employees can enjoy a positive work-life balance.
• Through our New Normal campaign, we are looking to embed hybrid working in all that we do and make flexible working arrangements the day-to-day reality for our people.