OT Incident Response
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Accenture Middle East is seeking an OT Incident Response specialist to serve as the senior technical authority within the OT SOC. The role involves advanced threat hunting, OT-aware digital forensics and incident response, detection engineering, and mentoring L1/L2 analysts.
Key Skills for This Role
Responsibilities
- Lead investigation and response for complex, high severity and suspected targeted attacks against OT/ICS environments.
- Perform proactive, hypothesis driven threat hunting across OT networks and assets; design and run hunt campaigns.
- Conduct OT aware DFIR forensic acquisition and analysis of ICS hosts, engineering workstations, HMIs, controllers and network captures.
- Design, build and tune detection content and correlation rules; own the detection engineering lifecycle for the OT SOC.
- Operationalize OT threat intelligence and map it to detections via MITRE ATT&CK for ICS.
- Define, document and continuously improve OT incident response playbooks and runbooks.
- Serve as senior escalation point and mentor for L1/L2 analysts; provide technical coaching and quality review.
- Lead and support OT tabletop exercises and purple team / adversary emulation activities.
- Advise on OT network architecture, segmentation and monitoring placement to close detection gaps.
- Produce executive and technical incident reports; brief stakeholders on root cause, impact and remediation.
Requirements
- Bachelor's degree in Cybersecurity, Computer/Electrical/Instrumentation Engineering or related field
- 6 10+ years of cybersecurity experience with minimum 4 years in OT/ICS security operations, DFIR or threat hunting
- Deep expertise in OT protocols and ICS architectures (DCS, SCADA, PLC, SIS) and the Purdue model
- Proven experience leading OT/ICS incident response and forensic investigations
- Strong command of OT monitoring platforms (Nozomi, Claroty, Dragos, Tenable OT, Defender for IoT) and SIEM detection engineering (Splunk, QRadar, Sentinel)
- Advanced working knowledge of MITRE ATT&CK for ICS, NIST SP 800 82, ISA/IEC 62443 and NCA OTCC
- Preferred certifications: GRID, GCIP, GICSP, GCFA or GREM (GIAC)
- Excellent written and verbal communication in English; Arabic strongly preferred
Full Job Posting
Role Summary
- The OT SOC L3 Analyst is the senior technical authority within the OT SOC, responsible for advanced threat hunting, OT aware digital forensics and incident response (DFIR), detection engineering, and mentoring of L1/L2 analysts.
Responsibilities
- Lead investigation and response for complex, high severity and suspected targeted attacks against OT/ICS environments.
- Perform proactive, hypothesis driven threat hunting across OT networks and assets; design and run hunt campaigns.
- Conduct OT aware DFIR forensic acquisition and analysis of ICS hosts, engineering workstations, HMIs, controllers and network captures using methods that preserve process safety and evidence integrity.
- Design, build and tune detection content and correlation rules; own the detection engineering lifecycle for the OT SOC.
- Operationalize OT threat intelligence (e.g., threat groups such as ELECTRUM/Sandworm and XENOTIME; malware such as TRITON/TRISIS, Industroyer and PIPEDREAM) and map it to detections via MITRE ATT&CK for ICS.
- Define, document and continuously improve OT incident response playbooks and runbooks.
- Serve as senior escalation point and mentor for L1/L2 analysts; provide technical coaching and quality review of investigations.
- Lead and support OT tabletop exercises and purple team / adversary emulation activities.
- Advise on OT network architecture, segmentation and monitoring placement to close detection gaps.
- Produce executive and technical incident reports; brief stakeholders on root cause, impact and remediation.
- Support compliance, audit and regulatory reporting aligned to NCA OTCC 1:2022, ECC and ISA/IEC 62443, including incident notification expectations to the NCA.
Qualifications
- Bachelor's degree in Cybersecurity, Computer/Electrical/Instrumentation Engineering or a related field (Master's a plus).
- 6–10+ years of cybersecurity experience, with a minimum of 4 years in OT/ICS security operations, DFIR or threat hunting.
- Deep expertise in OT protocols and ICS architectures (DCS, SCADA, PLC, SIS) and the Purdue model.
- Proven experience leading OT/ICS incident response and forensic investigations.
- Strong command of OT monitoring platforms (Nozomi, Claroty, Dragos, Tenable OT, Defender for IoT) and SIEM detection engineering (Splunk, QRadar, Sentinel).
- Advanced working knowledge of MITRE ATT&CK for ICS, NIST SP 800 82, ISA/IEC 62443 and NCA OTCC.
Preferred Certifications
- GRID, GCIP, GICSP, GCFA or GREM (GIAC) strongly preferred
- Vendor expert level certifications (Dragos, Claroty, Nozomi).
Skills & Attributes
- Expert analytical, forensic and reverse engineering / malware analysis aptitude in an OT context.
- Strong leadership, mentoring and stakeholder management skills.
- Sound judgment in balancing cybersecurity response against process safety and operational availability.
- Excellent written and verbal communication in English; Arabic strongly preferred for regulator and executive engagement.
- Available for on call escalation and incident leadership outside normal hours.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Accenture Middle East
Agentic DevOps Lead – Data & AI
Dubai, UAE
Accenture is seeking an experienced Agentic DevOps Lead to lead initiatives scaling Generative AI agentic solutions across cloud environments. The role involves architecting a reusable Agentic DevOps framework, managing
Cybersecurity Risk and Compliance Specialist
Riyadh, KSA
Accenture Middle East is seeking a Security Consulting Consultant in Riyadh to develop cybersecurity frameworks, policies, and risk management strategies. The role requires expertise in governance, risk management, compl
Finance - Enterprise Performance Management Manager
Saudi Arabia, KSA
As a Manager within CFO and Enterprise Value, you will be: Supporting our clients to achieve their strategic and operational goals, by introducing efficient ways of working and ...
Corporate Investigations Financial and Regulatory EMEA Lead
Abu Dhabi, UAE
Accenture seeks an Associate Director to lead financial and regulatory compliance investigations across EMEA. The role involves managing a team, conducting complex investigations, advising senior leadership, and liaising
Technology Strategy Manager
Riyadh, KSA
Drive technology strategy by solving complex business problems, managing teams, and identifying value opportunities while collaborating with clients and delivering insights.
Technology Strategy Manager
Riyadh, KSA
Accenture seeks a Technology Strategy Manager to drive technology business strategy, lead engagements, and identify value creation opportunities at the intersection of business and technology. Requires 5-8 years of exper
Finance Transformation Manager
Riyadh, KSA
Accenture Middle East is seeking a Finance Transformation Manager to join its CFO & Enterprise Value practice in Riyadh. The role involves leading finance transformation initiatives, including process reengineering, digi
Product New Associate
Qatar, QAT
THE WORK: Explore new horizons and embrace opportunities to build knowledge and support the team. You will participate in problem solving discussions that will shape innovative ...
Agentic DevOps Lead – Data & AI
Dubai, UAE
Cybersecurity Risk and Compliance Specialist
Riyadh, KSA
Finance - Enterprise Performance Management Manager
Saudi Arabia, KSA
Corporate Investigations Financial and Regulatory EMEA Lead
Abu Dhabi, UAE
Technology Strategy Manager
Riyadh, KSA
Technology Strategy Manager
Riyadh, KSA
Finance Transformation Manager
Riyadh, KSA
Product New Associate
Qatar, QAT
