Operational Technology Security Analyst
- United States
Atos is a global leader in digital transformation with 110,000 employees in 73 countries and annual revenue of € 12 billion. European number one in Cloud, Cybersecurity and High-Performance Computing, the Group provides end-to-end Orchestrated Hybrid Cloud, Big Data, Business Applications and Digital Workplace solutions. The Group is the Worldwide Information Technology Partner for the Olympic & Paralympic Games and operates under the brands Atos, Atos|Syntel, and Unify. Atos is a SE (Societas Europaea), listed on the CAC40 Paris stock index.
The purpose of Atos is to help design the future of the information space. Its expertise and services support the development of knowledge, education and research in a multicultural approach and contribute to the development of scientific and technological excellence. Across the world, the Group enables its customers and employees, and members of societies at large to live, work and develop sustainably, in a safe and secure information space.
Position Title -
Operational Technology (OT) Security Analyst
The Operational Technology (OT) security analyst should have the relevant capabilities and knowhow in order to act as an analyst within such an environment SOCs rightfully place a large focus on the people. To be able to respond to human threats requires human defenders. Well trained analysts can be expensive but are often extremely effective at identifying real issues instead of escalating false positives. In security operations there are three levels of analysts that are commonly referred to: Tier 1 analysts who search logs and process, alerts, and other categorized events to identify and escalate abnormalities. Tier 2 analysts are the incident responders who triage the events, analyze the accompanying activity, and apply appropriate mitigations. Tier 3 analysts are there to act as subject matter experts when deeper analysis is required; especially against new threats. Tier 3 analysts should also utilize their time to act as threat hunters when possible. This focus moves them away from identifying and analyzing escalated events and instead dedicates a portion of their time to developing methods and analytics to search out threats missed by the other defenses put in place.
In an ICS, it is important to identify personnel in the SOC that can spend time with the engineers and operations staff in the field. Likewise, it is important to have willing engineers and operators spend time in the SOC for appropriate training and temporary assignments. This can be a daunting task in organizations that constantly feel undermanned. However, one of the biggest problems in the ICS security community is the culture clash. When the security personnel and the operations personnel do not understand the value of each other, the pain points each has and the requirements for the overall business natural divides will occur that will lead to increased incident response time and self-inflicted issues that cause financial burden. For instance, tier 3 personnel should understand what they can provide field operators during outage/maintenance windows or change-freeze windows incurred due to weather events. An adversary cannot hope for a better security gap than a divide between teams responsible for infrastructure. In addition to having the right people, the ICS SOC will need the appropriate team structure. An ICS SOC should consider incorporating support roles into the SOC. This includes IT support staff to maintain any ICS SOC owned equipment, such as network IDS and firewalls. Such support capacities allow multifaceted support and flexible capabilities such as rapid signature deployment or other application needs.
- The Security analyst will be act as a member of the security operation center with specific responsibility for the Operational Technology (OT) cyber security.
- Provides cyber security incident management support within related governance and framework aligned with industry and corporate cybersecurity requirements.
- Responsible for supervising and mitigating security threats and leading incident investigations from TIER1 as a Triage analyst and TIER 2 as incident handler.
- Provides support and cooperate with cyber security audits and risk assessments.
- Works closely with BTBS, Reliability Compliance and engineering to share tools, align resources, and providesupport in alignment with the cybersecurity program.
- Develops and enhances the production OT cyber security and compliance program governance.
- Monitors OT cybersecurity threats and leads investigations.
- Reviews industry alerts and provides proper communication escalation
- Uses cyber monitoring tools daily to identify and investigate threats
- Leads investigations and ensures proper response to identified cyber events or incidents
- Leads, designs, and implements improvements in cybersecurity threat monitoring, attack response methods, and incident response plans.
- Actively participates on the corporate Cyber Security Task Team to align cybersecurity threat monitoring and incident response across the organization
- Ensures monitoring tools and alerts provide the necessary notification of potential threats
- First point of call for incidents that have occurred for Tier 1; Tier 2 validate the Incidents escalated by Tier 1 SOC Security Analysts; etc
- Perform first, second, third level of incident handling, and security monitoring and validation of physical security, IOT, and SCADA environments.
- Analyze, and communicate with stakeholders, the threats associated with every incident.
- Report findings and ensure incidents are escalated to the right persons
- Analyze network traffic to identify anomalous activity and potential threats to network resources.
- Bachelor's degree in a relevant technical or engineering discipline
- At least 2 years of experience as a System Specialist or related work experience in OT or IT cyber security, risk management, and/or compliance
- Knowledge and understanding of the OT world as related to diffrent components such as HMI, PLC etc
- Knowledge and understanding of tools used to protect insudtrail environemnt
- Understanding of the OT cybersecurity kill chain
- Experience using monitoring tools for protecting and defending against cyber intrusion, along with experience in cyber security incident response
- CISSP or other cyber security related certifications from SANS Institute, ISACA, CompTIA, etc. preferably oriented for ICS
- Strong interpersonal and communication skills with an ability to communicate with all levels
- Certification for relevant software programs in technical domain within the OT world
Knowledge of OT Protocols such:
- Otorio RAM2, Nozomi Guardian, and Forescout Silent Defense/CounterACT
- DNP 3
- Sinec H1
Here at Atos, we want all of our employees to feel valued, appreciated, and free to be who they are at work. Our employee lifecycle processes are designed to prevent discrimination against our people regardless of gender identity or expression, sexual orientation, religion, ethnicity, age, neurodiversity, disability status, citizenship, or any other aspect which makes them unique. Across the globe, we have created a variety of programs to embed our Atos culture of inclusivity, and work hard to ensure that all of our employees have an equal opportunity to contribute and feel that they are exactly where they belong.
Back to top