
Senior OT Security Shift

Job in Dallas, Dallas County, Texas, 75215, USA
Listing for: Cynet systems Inc
Full Time position
Listed on 2025-12-27
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, Network Security
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

Job Description

Responsibilities

  • Oversee SOC operations during assigned shifts, ensuring efficient workflow, proper escalation procedures, adherence to SLAs, and effective communication between analysts.
  • Lead investigations and response to complex security incidents impacting OT systems, networks, and applications. This includes coordinating efforts with other teams and business units (e.g. Networking, Architecture, CIP Compliance).
  • Perform in-depth analysis of security alerts and logs common in ICS/SCADA systems to identify indicators of compromise (IOCs).
  • Make real‑time decisions on incident severity, containment strategies, and escalation paths along with actions taken by Tier 1 & 2 analysts for incidents.
  • Evaluate and provide feedback on the performance of security technologies (e.g. SIEM, SOAR, IIDS/IPS) used in the SOC.
  • Identify and oversee the optimization of detection rules to reduce false positives.
  • Develop, test, and implement custom detection rules, correlation searches, baseline drift and use cases within the toolset to improve threat detection capabilities specifically tailored to OT protocols and environments.
  • Proactively search for IOCs and misconfigurations within the OT environment using threat intelligence, anomaly detection techniques, and knowledge of attacker tactics, techniques, and procedures (TTPs) relevant to ICS/SCADA systems.
  • Create, maintain, and refine incident response playbooks, standard operating procedures (SOPs), and runbooks based on lessons learned from incidents, threat intelligence, and industry best practices.
  • Ensure all actions, findings, and decisions made during incident handling are thoroughly documented in the SOC’s ticketing system.
  • Prepare clear and concise reports for management on security incidents and trends.
  • Provide guidance, training, and mentorship to Tier 1 & 2 analysts on incident handling, analysis techniques, tools, and OT security concepts.
  • Participate in training sessions and simulations to stay current on cyber threats, OT security best practices, and monitoring tools.
  • Stay current on NERC‑CIP standards (specifically 2/3), NIST CSF, Client Model for Industrial Control Systems, ISO 27001 frameworks, and other relevant OT security regulations.
Education, Experience, and Skill Requirements
  • Bachelor’s Degree in Information Technology, Computer Science, Cybersecurity, or a related field required. Master’s degree preferred.
  • Minimum of 5–7 years of experience in a cybersecurity‑focused role; SOC experience strongly preferred.
  • 3+ years of direct experience working with Operational Technology (OT)/Industrial Control Systems (ICS) environments – including hands‑on knowledge of SCADA systems, PLCs, RTUs, HMIs, and industrial networks.
  • Advanced certifications strongly desired. Examples include: CySA+, CEH, OSCP, GICSP, CCNA Security, or relevant OT security certifications (e.g., ISA/IEC 62443).
  • Deep understanding of cybersecurity fundamentals such as networking protocols (TCP/IP, UDP, DNS), operating systems (Windows, Linux), and security architecture principles.
  • Strong knowledge of OT Protocols such as DNP3, Modbus, IEC 104, OPC UA, including packet analysis and understanding protocol vulnerabilities.
  • Experienced with Security Technologies such as SIEM, SOAR, IIDS/IPS, endpoint detection solutions, and network traffic analysis tools.
  • Exceptional analytical mindset and attention to detail.
  • Ability to analyze complex data sets, identify patterns, and draw meaningful conclusions.
  • Excellent verbal and written communication skills to effectively communicate technical information to both technical and non‑technical stakeholders.
  • Ability to create clear and concise reports.
  • Demonstrated ability to lead and mentor junior analysts.
  • Ability to work in a 24/7 shift‑based SOC environment.
Measures of Success
  • Demonstrates leadership in handling complex security incidents and coordinating response efforts.
  • Significant improvement in key performance indicators (e.g., reduction in mean time to detect (MTTD), mean time to respond (MTTR), false positives).
  • Successful development and implementation of new detection rules and use cases that improve threat coverage.
  • Ensures clients’ timelines, budgets, and deliverable objectives are met.
  • Ensures the DGM SOC’s SLAs are met or exceeded.
  • Works closely with multiple business units to improve cross‑functional communication and efficiencies.
  • Demonstrates skills in prioritization and multitasking, and success in adapting to change in a fast‑paced environment.
  • Demonstrates ability to interface with internal and external business partners professionally.
Position Requirements
10+ Years work experience