Lead Consultant - Incident Response (CPX)
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Overview As a Principal Consultant – Incident Response, you live and breathe blue team operations. Your technical expertise in endpoint and network threat detection and defence is complemented by your integrity and passion for cyber security and technology in general.
Key Skills for This Role
Full Job Posting
Overview
As a Lead Incident Response – OT Cyber Security, you bring deep expertise in industrial control systems and a strong foundation in enterprise security to lead complex incident response engagements across OT and IT environments.
The role involves conducting threat hunting (across IT and OT), forensic investigations (across IT and OT), and industrial protocol analysis to support safe and effective incident containment and recovery, particularly within critical operational environments.
In addition, the role includes delivering technical reports and executive briefings, contributing to incident response playbooks, and supporting the continuous improvement of OT cybersecurity services.
Key Responsibilities :-
Act as the technical lead for IT and OT/ICS incident response engagements and support customers across industrial sectors (energy, utilities, manufacturing, oil & gas, transport).
Independently execute assigned tasks following an initial onboarding period, demonstrating accountability and technical ownership.
Conduct proactive threat hunting across IT and OT/ICS environments, including SCADA servers, historians, HMIs, and engineering workstations.
Perform host-based and network-based forensic investigations across OT and IT environments (Windows HMIs/EWS, Linux-based SCADA systems, enterprise endpoints).
Analyze industrial network traffic and protocols (e.g., Modbus, DNP3, EtherNet/IP, OPC-UA/DA, PROFINET, IEC 61850) to determine attack scope and root cause.
Lead and support digital forensic investigations (IT and OT), including evidence acquisition, artifact analysis, and timeline reconstruction for IT and OT environments.
Assess IT/OT segmentation, Purdue Model alignment, and DMZ configurations during incident scoping and post-incident reviews.
Coordinate with operations, engineering, and safety teams to implement containment and recovery actions without impacting critical physical processes.
Provide expert guidance on OT security hardening, ICS architecture improvements, and defensive control enhancements.
Contribute to OT incident response playbooks, procedures, and documentation, driving continuous service improvement.
Produce detailed technical reports and executive briefings, effectively communicating findings to both technical and non-technical stakeholders.
Demonstrate thought leadership through knowledge sharing, blog publication, and participation in industry forums.
Support on-call incident response activities, including cross-time-zone engagements.
Mentor junior team members and contribute to a collaborative, high-performance team culture.
Strong understanding of OT/ICS architectures and the Purdue Reference Model (Levels 0–4).
Strong understand of IT incident response life cycle.
Hands-on experience with industrial platforms, including PLCs (Siemens, Allen-Bradley, Schneider), HMIs, DCS, RTUs, and SCADA systems.
Deep knowledge of industrial communication protocols, including Modbus TCP/RTU, DNP3, IEC 61850/60870, EtherNet/IP, OPC-UA/DA, PROFINET, and BACnet.
Familiarity with Safety Instrumented Systems (SIS) and safety constraints during incident response operations.
Understanding of OT asset lifecycle challenges, including patching limitations, legacy systems, and operational constraints.
Technical Skills : -
Strong working knowledge of the MITRE ATT&CK for ICS framework.
Solid understanding of enterprise networking concepts, TCP/IP, and network architectures.
Proficiency in host-based forensics across Windows and Linux systems.
Working knowledge of Active Directory, authentication systems, and Windows event logging.
Experience with network analysis tools (e.g., Wireshark, Zeek, Suricata, RITA).
Ability to perform log analysis across SIEM platforms and OT security monitoring solutions (e.g., Claroty, Dragos, Nozomi, Tenable OT).
Basic understanding of malware analysis techniques, including both static and dynamic approaches, with exposure to OT-targeted malware.
Strong organizational and prioritization skills, with the ability to work independently in high-pressure environments.
Excellent technical report writing and communication skills, delivering both detailed analysis and executive-level summaries.
Skills And Certifications (Technical & Non-Technical) : -
GIAC Global Industrial Cyber Security Professional (GICSP) — primary OT certification requirement
GIAC Response and Industrial Defense (GRID) — highly desirable
CREST Registered Intrusion Analyst (CRIA) or equivalent — desirable
GIAC Certified in a minimum of one IT discipline: GCIH, GCFE, GCFA, GNFA, GCIA, GDAT, or equivalent
Any other certification with proven relevance to incident response and OT cybersecurity
Education : -
Bachelor’s degree in computer science or engineering is desirable but not mandatory
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at CPX
SOC Platform Engineer
Abu Dhabi Emirate, UAE
CPX is hiring a SOC Platform Engineer with at least 4 years of experience to manage Threat Intelligence Platforms and other SOC solutions. The role involves platform management, integration with SOC tools, automation dev
Associate Consultant – Cyber Consulting Services
Abu Dhabi Emirate, UAE
We are seeking an Associate Consultant to support Cyber Academy engagements including training, advisory, cyber exercises, and awareness. You will assist in developing training materials, conducting research, and support
Senior Specialist Threat Intelligence Analyst
Abu Dhabi, UAE
CPX is seeking a Lead Threat Intelligence Analyst to conduct all-source intelligence analysis, manage threat intelligence platforms, and produce high-quality assessments. The ideal candidate has 8+ years of experience in
Lead - Threat Intelligence
Abu Dhabi, UAE
CPX seeks a Lead Threat Intelligence Analyst to conduct all-source intelligence analysis, manage threat intelligence platforms, and produce high-quality intelligence products. The role requires strong analytical skills,
Junior Legal Counsel
Abu Dhabi, UAE
CPX is looking for a Junior Legal Counsel to provide legal advice on technology transactions, corporate governance, regulatory, compliance, and intellectual property matters. The role requires 1-3 years of PQE with compl
Specialist - HSE
Abu Dhabi, UAE
CPX seeks an experienced HSE Officer to ensure health, safety, and environmental governance during OT cybersecurity and critical infrastructure projects in substations and control centers. The role involves managing HSE
Lead Consultant - Client Success (CPX)
Abu Dhabi, UAE
CPX is hiring a Lead Consultant to serve as a trusted cybersecurity advisor and client success lead for managed security services clients. The role involves driving customer success, service governance, technical advisor
Lead Engineer - OT Cybersecurity
Abu Dhabi, UAE
CPX is seeking a Lead Engineer - OT Cybersecurity to implement OT cybersecurity solutions in utility environments and substations. The role involves hands-on deployment of cybersecurity technologies, infrastructure desig
SOC Platform Engineer
Abu Dhabi Emirate, UAE
Associate Consultant – Cyber Consulting Services
Abu Dhabi Emirate, UAE
Senior Specialist Threat Intelligence Analyst
Abu Dhabi, UAE
Lead - Threat Intelligence
Abu Dhabi, UAE
Junior Legal Counsel
Abu Dhabi, UAE
Specialist - HSE
Abu Dhabi, UAE
Lead Consultant - Client Success (CPX)
Abu Dhabi, UAE
Lead Engineer - OT Cybersecurity
Abu Dhabi, UAE