SOC Engineer
Listed on 2026-07-08
-
IT/Tech
Cybersecurity, Network Security, Systems Engineer, Information Security
Security Monitoring & Threat Detection
Deployment and tuning of OT security tools (Nozomi, Forescout) for monitoring OT/ICS environments with SIEM and OT security monitoring platforms. Detect, analyze, and respond to cyber threats targeting industrial control systems.
Support and ensure microsegmentation strategies for OT network zones aligning with the Purdue Model. Collaborate with engineering teams to safely implement containment actions within live OT environments. Conduct threat hunting across industrial environments using network and log data.
Handle and support incident response for OT cyber events with minimal operational disruption. Maintain OT asset visibility and network behavior baselines. Ensure compliance with IEC 62443, NIST IC, and organizational security standards.
Detection Engineering & Use Case ManagementDevelop and tune OT-specific detection rules and correlation logic within SIEM platforms. Align detection use cases with MITRE ATT&CK for the Industrial Control Systems framework. Reduce false positives and improve detection accuracy and coverage.
Periodically review and optimize alert thresholds and detection logic. Support OT security architecture by integrating SIEM, IDS, IPS, packet brokers, and segmentation tools. Assist in onboarding log sources, parser development, and normalization of OT data. Optimize dashboards, alerts, and reporting for operational visibility.
OT Network Visibility, Packet Analysis, and Traffic EngineeringOperate packet brokers and TAP infrastructure to enable full OT network visibility. Perform deep packet inspection of industrial protocols (Modbus, DNP3, OPC-UA, IEC 104, Ethernet/IP). Analyze east-west and north-south traffic for suspicious activity and lateral movement.
Identify unauthorized communications and protocol anomalies. Support network telemetry collection for OT environments.
Asset Visibility, Threat Hunting, and Compliance ManagementMaintain complete OT asset inventory and network topology visibility. Identify unauthorized devices, rogue connections, and shadow OT assets. Conduct proactive threat hunting using logs, network telemetry, and behavioral analytics.
Correlate threat intelligence with OT environment risks and vulnerabilities. Ensure compliance with IEC 62443, NIST IC, ISO standards, and internal security policies. Support internal and external audits and provide security evidence for compliance reporting. Contribute to risk assessments and OT security posture improvement initiatives.
Reporting & Stakeholder ManagementPrepare and present OT security reports, incidents, risks, and trends. Maintain dashboards for vulnerabilities, threats, and compliance status. Communicate critical incidents and risks to SOC, OT, and business stakeholders. Provide executive-level reporting on OT security posture and exposure.
Track remediation status and SLA. Support audit and regulatory reporting requirements (IEC 62443, NIST IC).
Education and Certification Requirements- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field.
- Certification any one mandatory:
- GIAC Global Industrial Cyber Security Professional (GICSP)
- ISA/IEC 62443 Cybersecurity Certificate
- GIAC Response and Industrial Defense (GRID)
- ISA Certified Automation Cybersecurity Specialist (IACS)
- OT/ICS systems (SCADA, DCS, PLC)
- OT network architecture (Purdue Model, DMZ, segmentation)
- Microsegmentation & Zero Trust for OT
- Packet analysis & Deep Packet Inspection (DPI)
- Packet brokers & TAP/SPAN technologies
- SIEM & OT monitoring tools (Sentinel, Nozomi, Forcescout)
- Incident response in OT environments
- OT threat hunting & anomaly detection
- Threat detection & analysis
- Industrial firewalling & remote access security
- OT vulnerability management & asset visibility
- Compliance (IEC 62443, NIST IC)
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).