OT SOC Manager

Base Pay Range

$/yr - $/yr

At Jacobs, we are at the forefront of protecting critical infrastructure through innovative cybersecurity solutions. As part of our expansion in Operational Technology (OT) security, we are looking for a dynamic OT SOC Manager to lead the establishment and growth of a Security Operations Center focused on OT environments, including industrial control systems (ICS), SCADA, and other critical infrastructure. This remote role is available only for candidates in the United States and reports to the Manager of Managed Services.

The ideal candidate will bring hands‑on experience building OT SOC infrastructure from the ground up, with senior‑level expertise in networking and system administration. You will play a pivotal role in designing, implementing, and maturing our OT SOC to ensure proactive threat detection, rapid incident response, and compliance with industry standards such as NERC CIP, NIST, and IEC 62443.

In this role, you will drive the foundational build‑out of our OT SOC while managing ongoing operations.

• Lead the design, implementation, and optimization of OT SOC infrastructure, including selection and deployment of core tools such as SIEM (e.g., Elastic, Splunk, Microsoft Sentinel), SOAR platforms, EDR/XDR solutions, and threat intelligence feeds tailored to OT environments.
• Develop and maintain OT‑specific incident response playbooks, runbooks, and automation workflows to enable efficient triage, escalation, and resolution of security events in industrial control systems.
• Oversee the recruitment, training, mentoring, and performance management of SOC analysts (Tier 1‑3), fostering a high‑performing team capable of 24/7 monitoring and threat hunting in OT networks.
• Conduct risk assessments, vulnerability management, and threat modeling for OT assets, integrating findings into SOC processes to mitigate risks from industrial protocols (Modbus, DNP3, OPC, Profinet, Ether Net/IP, BACnet) and legacy systems.
• Collaborate with cross‑functional teams—including OT engineers, network administrators, and business units—to onboard assets, ensure data ingestion from OT sources, and align SOC operations with business objectives.
• Establish governance, escalation protocols, and reporting mechanisms, providing executive‑level updates on SOC metrics such as MTTD/MTTR, incident trends, and compliance status.
• Drive continuous improvement initiatives, including post‑incident reviews, tool integrations, and simulations/drills to enhance OT SOC resilience against evolving threats such as ransomware targeting critical infrastructure.
• Ensure adherence to regulatory requirements (NERC CIP, TSA guidelines) and industry best practices, while managing budget and resources for SOC scalability in a remote, distributed model.
• Work with the sales team to develop client value propositions that leverage the full capabilities of the OT SOC across the client delivery lifecycle.

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related field (or equivalent experience).
• 8+ years of experience in cybersecurity operations, with at least 5 years in SOC management or leadership roles, including direct experience building and scaling a SOC from inception.
• Proven expertise in OT/ICS cybersecurity, including in‑depth knowledge of industrial protocols such as Modbus, DNP3, OPC, Profinet, Ether Net/IP, and BACnet, as well as the Purdue Enterprise Reference Architecture (PERA) Model and IT/OT network segmentation strategies.
• Expertise in MITRE ATT&CK® and ATT&CK for CS Frameworks for threat modeling, adversary emulation, and mapping defensive coverage gaps in OT environments.
• Senior‑level knowledge of networking (TCP/IP, firewalls, switches, VLANs, routing protocols, IDS/IPS) and system administration (Windows/Linux servers, Active Directory, virtualization, patch management) as applied to secure OT infrastructures.
• Hands‑on experience with SOC technologies, including SIEM/SOAR deployment, endpoint detection, log analysis, and network traffic analysis in hybrid/cloud environments.
• Strong leadership skills with a track record of…