OT SOC Level 2 Analyst

Job in Town of Poland, Jamestown, Chautauqua County, New York, 14701, USA
Listing for: HCLTech
Full Time position
Listed on 2026-05-30
Job specializations:
  • IT/Tech
    Cybersecurity, Network Security, Security Manager, Systems Engineer
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below
Location: Town of Poland

As an OT SOC Level 2 Analyst at HCLTech, you will play a critical role in safeguarding operational technology (OT) environments by providing advanced security monitoring, incident response, and continuous improvement of OT Security Operations Center (SOC) processes. Acting as a key escalation point and mentor for Level 1 analysts, you will leverage cutting‑edge security platforms to detect, investigate, and respond to complex OT threats, ensuring the safety, reliability, and resilience of industrial systems central to our clients’ operations.

Detailed Responsibilities
  • Perform advanced triage and investigation of OT security alerts, primarily utilizing Nozomi Networks and Microsoft Sentinel.
  • Analyze alerts in the context of asset criticality, industrial processes, site topology, and ongoing maintenance activities.
  • Determine the scope, root cause, and potential operational and safety impacts of incidents.
  • Lead and coordinate OT incident response efforts in collaboration with SOC teams, OT engineers, and IT security counterparts.
  • Escalate confirmed or high‑risk incidents following established SOC and OT response procedures.
  • Correlate OT alerts with IT, network, and security telemetry within Microsoft Sentinel to identify complex attack scenarios.
  • Develop, refine, and tune OT‑specific detection use cases and alert logic to enhance signal quality and minimize false positives.
  • Contribute to the creation and enhancement of SOC playbooks, runbooks, SOPs, and investigation guides.
  • Support post‑incident reviews and integrate lessons learned into procedures and detection mechanisms.
  • Mentor and support Level 1 OT SOC analysts, providing training on OT threats, Nozomi alert interpretation, and investigation best practices.
  • Foster continuous improvement of OT SOC processes, reporting, and operational maturity.
Skill Requirements

Technical Skills:

  • 3–6 years of experience in SOC, incident response, or cybersecurity operations, with at least 2 years in OT/ICS security monitoring.
  • Proficient with Nozomi Networks for OT alert triage, investigation, and anomaly analysis.
  • Hands‑on experience with Microsoft Sentinel SIEM, Logic Apps, and M365 security tools.
  • Deep understanding of OT/ICS architectures (e.g., Purdue Model, zones and conduits, network segmentation).
  • Familiarity with key industrial protocols such as Modbus, DNP3, OPC, Profinet, EtherNet/IP, or IEC 60870‑5‑104.
  • Strong networking background (TCP/IP, routing, switching) and experience correlating OT alerts with firewall, VPN, and remote‑access logs.
  • Knowledge of OT threat scenarios and MITRE ATT&CK for ICS concepts.
  • Excellent documentation skills to record investigations and response actions.
Qualifications
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent practical experience).
  • Experience working in a 24x7 SOC environment with rotational shifts, including weekends and holidays.
  • Willingness to follow the Hybrid Policy and report to the office as required.
  • Relevant certifications are an advantage (e.g., GICSP, GCIH, GCIA, CISSP, Security+, IEC 62443 training).
Other Requirements (Optional)
  • Strong analytical and problem‑solving abilities, with a keen attention to detail.
  • Ability to prioritize cybersecurity response while ensuring OT safety, operational continuity, and system availability.
  • Effective communicator with the ability to convey technical information to both technical and non‑technical stakeholders.
  • Demonstrated experience in mentoring junior analysts and fostering team knowledge sharing.
  • Composure and structured thinking during high‑severity incidents.
Benefits package
  • Life insurance
  • Private medical care
  • Multi Sport Card
  • Subsidy for glasses
  • Subsidy to language courses
  • Christmas and holiday bonuses