OT Incident Response Lead

OT Incident Response Lead

Start Date: January 2026

About the Role

We are seeking an experienced OT Incident Response Lead to join the Cybersecurity Threat Management team. Reporting to the Sr. Manager of Threat Detection & Response, this role will lead threat detection, incident response, and threat hunting activities within Operational Technology (OT) environments, ensuring timely detection, containment, and remediation of cybersecurity incidents. This is a high‑impact, onsite role based in Hunt Valley, MD, working closely with IT, OT, and Cybersecurity teams.

Key Responsibilities

• Lead and execute cybersecurity incident response activities in OT environments
• Perform threat detection and proactive threat hunting across OT networks
• Analyze incidents and provide actionable recommendations to prevent recurrence
• Collaborate with Threat Detection teams to onboard and monitor critical OT log sources
• Develop and maintain OT incident response plans, playbooks, and documentation
• Partner with IT, OT, and Cybersecurity teams to improve response readiness
• Lead and participate in tabletop exercises and incident simulations
• Communicate technical incidents and business impact to non‑technical stakeholders

Key Skills

• ICS / SCADA / PLC / HMI Security
• SIEM Tools (Splunk, Microsoft Sentinel)
• Incident Response Playbooks & Runbooks
• Root Cause Analysis & Remediation
• Cross‑functional Collaboration (IT, OT, Cybersecurity)
• Executive & Stakeholder Communication

Required Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or related field
• (or equivalent hands‑on OT security experience)
• 6+ years of experience in OT incident response or threat hunting
• Strong experience securing OT environments and industrial protocols
• Ability to translate technical incidents into business risk

Preferred Certifications

• GICSP
• GFCA
• GNFA
• Other relevant OT or cybersecurity certifications

• Mid‑Senior level

• Full‑time