OT Incident Response
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Role: OT Incident Response Location: Riyadh, Saudi Arabia Role Summary The OT SOC L3 Analyst is the senior technical authority within the OT SOC, responsible for advanced threat hunting, OT aware digital forensics and incident response (DFIR), detection engineering, and mentoring of L1/L2 analysts.
Key Skills for This Role
Full Job Posting
Role Summary
- The OT SOC L3 Analyst is the senior technical authority within the OT SOC, responsible for advanced threat hunting, OT aware digital forensics and incident response (DFIR), detection engineering, and mentoring of L1/L2 analysts.
- The role leads the response to complex and high-severity OT incidents, develops the SOC's OT detection capability, and serves as the escalation point and subject matter expert for industrial threat scenarios.
- The analyst translates OT threat intelligence into actionable detections and drives continuous improvement of the SOC's OT defenses.
- **Responsibilities**- Lead investigation and response for complex, high severity and suspected targeted attacks against OT/ICS environments.
- Perform proactive, hypothesis-driven threat hunting across OT networks and assets; design and run hunt campaigns.
- Conduct OT aware DFIR forensic acquisition and analysis of ICS hosts, engineering workstations, HMIs, controllers and network captures using methods that preserve process safety and evidence integrity.
- Design, build and tune detection content and correlation rules; own the detection engineering lifecycle for the OT SOC.
- Operationalize OT threat intelligence (e.g., threat groups such as ELECTRUM/Sandworm and XENOTIME; malware such as TRITON/TRISIS, Industroyer and PIPEDREAM) and map it to detections via MITRE ATT&CK for ICS.
- Define, document and continuously improve OT incident-response playbooks and runbooks.
- Serve as senior escalation point and mentor for L1/L2 analysts; provide technical coaching and quality review of investigations.
- Lead and support OT tabletop exercises and purple team / adversary-emulation activities.
- Advise on OT network architecture, segmentation and monitoring placement to close detection gaps.
- Produce executive and technical incident reports; brief stakeholders on root cause, impact and remediation.
- Support compliance, audit and regulatory reporting aligned to NCA OTCC-1:2022, ECC and ISA/IEC 62443, including incident-notification expectations to the NCA.
- **Qualifications**- Bachelor's degree in Cybersecurity, Computer/Electrical/Instrumentation Engineering or a related field (Master's a plus).
- 6–10+ years of cybersecurity experience, with a minimum of 4 years in OT/ICS security operations, DFIR or threat hunting.
- Deep expertise in OT protocols and ICS architectures (DCS, SCADA, PLC, SIS) and the Purdue model.
- Proven experience leading OT/ICS incident response and forensic investigations.
- Strong command of OT monitoring platforms (Nozomi, Claroty, Dragos, Tenable OT, Defender for IoT) and SIEM detection engineering (Splunk, QRadar, Sentinel).
- Advanced working knowledge of MITRE ATT&CK for ICS, NIST SP 800-82, ISA/IEC 62443 and NCA OTCC.
Preferred Certifications
- GRID, GCIP, GICSP, GCFA or GREM (GIAC) strongly preferred
- Vendor expert-level certifications (Dragos, Claroty, Nozomi).
- **Skills & Attributes**- Expert analytical, forensic and reverse-engineering / malware-analysis aptitude in an OT context.
- Strong leadership, mentoring and stakeholder-management skills.
- Sound judgment in balancing cybersecurity response against process safety and operational availability.
- Excellent written and verbal communication in English; Arabic strongly preferred for regulator and executive engagement.
- Available for on-call escalation and incident leadership outside normal hours.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Accenture Middle East
Cyber Defense Associate
Riyadh, KSA
Monitor security alerts from tools such as SIEM, antivirus, endpoint protection, firewall, and email security systems. Review and escalate suspicious activities, phishing emails...
Sales Capture Associate Director-Products
Qatar, QAT
Role Overview As a Sales Capture Associate Director within Accenture s Products Client Group, you will drive growth by originating, shaping, and closing large-scale transformati...
Sales Capture Associate Director-Resources
Qatar, QAT
Role Overview As a Sales Capture Associate Director within Accenture s Resources Client Group, you will originate, shape, and close large-scale transformation deals across the o...
Microsoft Purview Engieer
Riyadh, KSA
Design and implement auto-labeling policies in Microsoft Purview to automatically classify sensitive data based on content and context - Develop and fine-tune trainable classifiers to improve detection of business-specif
Identity Management Consultant - SME
Riyadh, KSA
Collaborate with clients to gather and analyze requirements for Identity Governance and Administration solutions. - Building polices, processes and frameworks related to identity and Access management (e.g. identity life
Cyber Defense Associate
Riyadh, KSA
Monitor security alerts from tools such as SIEM, antivirus, endpoint protection, firewall, and email security systems. - Review and escalate suspicious activities, phishing emails, malware alerts, and unauthorized access
Security Delivery Lead (SOC)
Jiddah, KSA
Transform your passion for security into impactful solutions! As a Security Delivery Lead, you will serve as a subject matter expert, collaborating with cross-functional teams to make critical decisions and manage the de
Sales Capture Associate Director-Resources
Doha, QAT
Role Overview As a Sales Capture Associate Director within Accenture’s Resources Client Group, you will originate, shape, and close large-scale transformation deals across the oil & gas industry in Qatar and the broader
Cyber Defense Associate
Riyadh, KSA
Sales Capture Associate Director-Products
Qatar, QAT
Sales Capture Associate Director-Resources
Qatar, QAT
Microsoft Purview Engieer
Riyadh, KSA
Identity Management Consultant - SME
Riyadh, KSA
Cyber Defense Associate
Riyadh, KSA
Security Delivery Lead (SOC)
Jiddah, KSA
Sales Capture Associate Director-Resources
Doha, QAT