
GMS-Senior-OT Analyst

Location:  Trivandrum
Other locations:  Anywhere in Country
Salary: Competitive
Date:  May 2, 2024

Job description

Requisition ID:  1494096

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

 

 

 

 

EY-Cyber Security-CMS TDR – Senior OT Analyst

The OT Security Analyst role encompasses the proactive and reactive measures needed to secure OT environments, including detecting, investigating and responding to security incidents, recommending preventive controls, and maintaining system integrity across industrial control systems (ICS) and SCADA infrastructures. The job involves setting up the necessary security and monitoring controls, forensic investigation processes and workflows, and data protocols, and demands a thorough grasp of the unique cyber risks associated with OT systems. The analyst's core duties focus on the comprehensive protection of critical infrastructure systems and require strong technical skills, analytical thinking, and specialized knowledge of OT cybersecurity challenges.

 

The opportunity

  • We’re looking for a Senior Consultant with expertise in OT/IoT security solutions. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.
    • The role requires an analyst proficient in PCAP analysis for identifying suspicious activities within network traffic, including logon attempts and file transfers, and determining their success based on PCAP verification. A comprehensive understanding of both OT and IT traffic is essential for tracing threats or deviations related to OT assets.
    • As for tool-specific skills, the candidate should possess strong knowledge of Microsoft products, such as MS Sentinel and MS Defender for IoT. Proficiency in writing KQL queries for log analysis and searches within Sentinel is also necessary. This expertise will enable the pinpointing of specific activities and anomalies observed in D4IOT alerts.

 

Your key responsibilities

  • Monitor OT security incidents and alerts, identify any unusual or suspicious activity, security breaches, or indicators of compromise.
  • Perform thorough security incident investigations, including the analysis of network traffic, logs, and system configurations to determine the root cause and scope of security incidents.
  • Develop, implement, and manage security monitoring tools and controls to improve visibility and response capabilities within the OT environment.
  • Initiate incident response protocols, effectively containing and resolving security incidents, coordinating with different vendors and teams as needed.
  • Conduct regular security assessments and use case validations to ensure coverage of evolving threats and remediation controls in OT systems.
  • Collaborate closely with IT security counterparts to ensure a cohesive security posture across both IT and OT domains.
  • Design and maintain incident response plans and recovery procedures specific to OT incidents.
  • Document all security incidents comprehensively, providing detailed analysis and subsequent recommendations to prevent future occurrences.
  • Stay abreast of the latest OT cybersecurity trends, threat intelligence, and best practices.
  • Develop and deliver OT cybersecurity awareness training programs for operational staff.

 

Skills and attributes for success

  • Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies.
  • Proficiency with OT and IT cybersecurity principles, frameworks, and standards (e.g., NIST, IEC 62443).
  • Experience with network security solutions, including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
  • Familiarity with forensic analysis tools and techniques in an OT context.
  • Understanding of risk management methodologies and the ability to conduct OT security risk assessments.
  • Analytical skills to sift through data and logs to identify patterns indicative of cyber threats or threat actor methods.
  • Effective communication skills for interfacing with technical and non-technical colleagues and stakeholders (OT site coordinators tend to be less technical).
  • Problem-solving attitude, with the ability to manage incidents under pressure (OT infrastructure is generally noisy; the analyst needs to stay focused and be capable of handling large volumes of alerts and logs).
  • Current knowledge of OT-specific malware and of the tactics, techniques, and procedures used by threat actors.
  • Relevant certifications are desirable.

 

What working at EY offers

At EY, we’re dedicated to helping our clients, from start-ups to Fortune 500 companies, and the work we do with them is as varied as they are.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

 

  • Support, coaching and feedback from some of the most engaging colleagues around
  • Opportunities to develop new skills and progress your career
  • The freedom and flexibility to handle your role in a way that’s right for you

 

 

 

 

EY | Building a better working world 


 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  


 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  


 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.  
