Job Title:  T&T | Cyber: D&R | Assistant Manager | OT Security Monitoring | Bengaluru

Job requisition ID:  96717
Date:  Jan 21, 2026
Location:  Bengaluru
Designation:  Assistant Manager
Entity:  Deloitte Touche Tohmatsu India LLP

Job Title: Assistant Manager – OT SOC (Claroty, Nozomi & CrowdStrike)

Location: Preferably Bengaluru, Karnataka

Department: Operational Technology Security Operations Center (OT SOC)

Reports To: OT SOC Manager / Cybersecurity Lead

Job Summary:

We are looking for a proactive and technically skilled Assistant Manager to support OT SOC operations with a focus on threat detection, incident coordination, and endpoint security using Claroty, Nozomi, and CrowdStrike platforms. The role also involves handling and responding to client requirements, participating in weekly/monthly calls, and conducting training sessions. The ideal candidate will have 4+ years of experience in OT cybersecurity, with hands-on exposure to industrial network monitoring, alert triage, and incident response in manufacturing or critical infrastructure environments.


Key Responsibilities:

CrowdStrike Incident Management & Technical Support

  • Analyze CrowdStrike Falcon detections including behavioural indicators, custom IOAs, and threat intelligence feeds.
  • Investigate process trees, parent-child relationships, command-line arguments, registry modifications, and file system activity.
  • Identify and assess malicious behavior such as credential dumping, lateral movement, persistence mechanisms, and data exfiltration.
  • Use Real Time Response (RTR) to perform remote host investigations and remediation actions.
  • Block malicious file hashes and prevent execution across the environment using CrowdStrike’s hash blocking capabilities.
  • Troubleshoot sensor-related issues including:
      • Installation and uninstallation failures
      • Sensor upgrade errors and version mismatches
      • Devices stuck in Reduced Functionality Mode (RFM)
      • Tagging inconsistencies and policy misalignment
  • Assist in sensor deployment, reinstallation, and policy validation across OT and IT assets.
  • Perform inventory cleanup and ensure accurate asset visibility in the Falcon console.

Claroty & Nozomi Investigation & Analysis

Alert Triage & Investigation:

  • Monitor and triage alerts generated by Claroty and Nozomi platforms across OT environments.
  • Investigate alerts related to unauthorized communications, protocol violations, asset behavior anomalies, and policy breaches.
  • Analyze alert metadata including source/destination IPs, ports, protocols, and payloads to determine severity and impact.
  • Perform deep packet inspection using integrated tools or external utilities like Wireshark to analyze traffic patterns and validate alerts.
  • Decode industrial protocols (Modbus, DNP3, OPC, S7comm, etc.) to identify command misuse, unauthorized reads/writes, and suspicious control messages.
  • Capture and review PCAP files for forensic analysis and correlation with asset behavior.
  • Fine-tune detection rules and alert thresholds to reduce false positives and improve detection accuracy.
  • Customize use cases based on factory-specific protocols, asset types, and operational workflows.
  • Collaborate with platform vendors and internal teams for rule updates, feature enhancements, and troubleshooting.
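The protocol-decoding and write-detection work described above, as an added illustration rather than code from Deloitte, Claroty, Nozomi or CrowdStrike: a small Modbus/TCP request parser run over captured TCP payloads, flagging write function codes that originate from hosts outside an engineering-workstation allowlist or that touch a protected register range. The host addresses, the allowlist, the protected range and the three frames are all constructed for this example; in practice the payloads would come from the platform's PCAP export or a Wireshark capture.

```python
"""Decode Modbus/TCP requests from an OT segment and flag suspicious writes.

Added example, not vendor code. All IPs, the allowlist, the protected
register range and the sample frames below are constructed for illustration.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, List, Sequence, Set, Tuple

# Standard public function codes from the Modbus Application Protocol spec.
FC_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FCS = {5, 6, 15, 16}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    address: int                 # starting coil/register address
    quantity: int                # number of coils/registers referenced
    values: Tuple[int, ...]      # data carried by write requests, empty for reads


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP ADU (7-byte MBAP header followed by the PDU)."""
    if len(payload) < 8:
        raise ValueError("payload too short for MBAP header plus function code")
    tid, proto_id, length, unit_id = struct.unpack("!HHHB", payload[:7])
    if proto_id != 0:
        raise ValueError("MBAP protocol identifier must be 0 for Modbus")
    pdu = payload[7:]
    if len(pdu) != length - 1:   # MBAP length covers unit id + PDU
        raise ValueError("MBAP length field does not match PDU size")
    fc = pdu[0]
    if fc in (1, 2, 3, 4):
        address, quantity = struct.unpack("!HH", pdu[1:5])
        values: Tuple[int, ...] = ()
    elif fc in (5, 6):
        address, value = struct.unpack("!HH", pdu[1:5])
        quantity, values = 1, (value,)
    elif fc == 15:
        address, quantity, byte_count = struct.unpack("!HHB", pdu[1:6])
        values = tuple(pdu[6:6 + byte_count])          # packed coil bits
    elif fc == 16:
        address, quantity, byte_count = struct.unpack("!HHB", pdu[1:6])
        if byte_count != 2 * quantity or len(pdu) < 6 + byte_count:
            raise ValueError("malformed Write Multiple Registers request")
        values = struct.unpack("!%dH" % quantity, pdu[6:6 + byte_count])
    else:
        # Vendor-specific or unsupported code: keep the frame, decode nothing.
        address, quantity, values = 0, 0, ()
    return ModbusRequest(tid, unit_id, fc, address, quantity, values)


def triage_flows(flows: Iterable[Tuple[str, str, bytes]],
                 allowed_writers: Set[str],
                 protected_registers: Set[int]) -> List[Dict[str, str]]:
    """Return one finding per policy breach; reads are treated as expected."""
    findings: List[Dict[str, str]] = []
    for src, dst, payload in flows:
        req = parse_modbus_tcp(payload)
        if req.function_code not in WRITE_FCS:
            continue
        desc = "%s addr=%d qty=%d values=%s" % (
            FC_NAMES.get(req.function_code, "FC %d" % req.function_code),
            req.address, req.quantity, req.values)
        if src not in allowed_writers:
            findings.append({"src": src, "dst": dst,
                             "reason": "write from non-allowlisted host", "request": desc})
        touched = range(req.address, req.address + req.quantity)
        if any(a in protected_registers for a in touched):
            findings.append({"src": src, "dst": dst,
                             "reason": "write to protected register range", "request": desc})
    return findings


# Constructed sample: (source IP, PLC IP, Modbus/TCP payload). Hypothetical addresses.
ALLOWED_WRITERS = {"10.1.1.10"}                 # engineering workstation only
PROTECTED_REGISTERS = set(range(40, 50))        # e.g. setpoint block on the PLC
SAMPLE_FLOWS: Sequence[Tuple[str, str, bytes]] = (
    # HMI reads 10 holding registers from address 0: benign
    ("10.1.1.20", "10.1.2.5", b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    # EWS writes register 100 = 1500: allowed host, unprotected register
    ("10.1.1.10", "10.1.2.5", b"\x00\x02\x00\x00\x00\x06\x01\x06\x00\x64\x05\xdc"),
    # Unknown host writes registers 40-41 to zero: two findings
    ("10.1.1.77", "10.1.2.5",
     b"\x00\x03\x00\x00\x00\x0b\x01\x10\x00\x28\x00\x02\x04\x00\x00\x00\x00"),
)

if __name__ == "__main__":
    for f in triage_flows(SAMPLE_FLOWS, ALLOWED_WRITERS, PROTECTED_REGISTERS):
        print(f)
```

The allowlist and protected range stand in for the per-site baseline that Claroty or Nozomi would normally learn; the point of decoding the PDU yourself is that a "write" alert only becomes actionable once you know which registers were targeted and what values were pushed.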


Client Engagement & Proactive Support

  • Respond to client queries and requirements related to Claroty, Nozomi, and CrowdStrike platforms.
  • Participate in weekly/monthly client calls to provide updates, discuss incidents, and share insights.
  • Deliver cybersecurity awareness sessions and technical training to client stakeholders.
  • Maintain task trackers and follow-up logs to ensure accountability and timely closure of action items.


Qualifications:

  • Bachelor’s degree in Cybersecurity, Information Technology, or related field.
  • 4+ years of experience in OT/ICS cybersecurity or SOC operations.
  • Hands-on experience with Claroty, Nozomi, and CrowdStrike platforms.
  • Understanding of industrial protocols (Modbus, DNP3, OPC, etc.) and ICS/SCADA architectures.
  • Familiarity with SIEM tools, threat intelligence, and incident response processes.
  • Strong analytical, communication, and documentation skills.


Preferred Certifications:

  • GICSP, GRID, or equivalent OT security certifications.
  • Claroty, Nozomi, or CrowdStrike platform certifications (if available).