OT SOC Manager

OT SOC Manager

Join Jacobs to apply for the role of OT SOC Manager. This is a fully remote position based in the United States, reporting to the Manager of Managed Services and working closely with OT, Engineering and business unit leaders.

$/yr – $/yr (actual pay will be based on skills and experience)

At Jacobs, we’re protecting critical infrastructure through innovative cybersecurity solutions. As we expand our Operational Technology (OT) security capabilities, we need a dynamic OT SOC Manager to lead the establishment, growth, and ongoing operations of our OT Security Operations Center (SOC), focused on industrial control systems (ICS), SCADA, and other critical infrastructure.

• Lead the design, implementation and optimization of OT SOC infrastructure, including selection and deployment of core tools such as SIEM (Elastic, Splunk, Microsoft Sentinel), SOAR platforms, EDR/XDR solutions, and threat intelligence feeds tailored to OT environments.
• Develop and maintain OT‑specific incident response playbooks, runbooks, and automation workflows to enable efficient triage, escalation and resolution of security events in IMS/SCADA systems.
• Oversee the recruitment, training, mentoring and performance management of SOC analysts (Tier 1‑3), fostering a high‑performing team capable of 24/7 monitoring and threat hunting in OT networks.
• Conduct risk assessments, vulnerability management and threat modeling for OT assets, integrating findings into SOC processes to mitigate risks stemming from industrial protocols (Modbus, DNP3, OPC, Profinet, Ether Net/IP, BACnet) and legacy systems.
• Collaborate with cross‑functional teams—including OT engineers, network administrators and business units—to onboard assets, ensure data ingestion from OT sources, and align SOC operations with business objectives.
• Establish governance, escalation protocols and reporting mechanisms, providing executive‑level updates on SOC metrics such as MTTD/MTTR, incident trends and compliance status.
• Drive continuous improvement initiatives, including post‑incident reviews, tool integrations and simulations/drills to enhance OT SOC resilience against evolving threats such as ransomware targeting critical infrastructure.
• Ensure adherence to regulatory requirements (NERC CIP, TSA guidelines), industry best practices while managing budget and resources for SOC scalability in a remote, distributed model.
• Work with the sales team to develop client value propositions that leverage the full capabilities of the OT SOC across the client delivery lifecycle.

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Engineering or related field (or equivalent experience).
• 8+ years of experience in cybersecurity operations, including at least 5 years in SOC management or leadership roles, with direct experience building and scaling a SOC from inception.
• Proven expertise in OT/ICS cybersecurity, including in‑depth knowledge of industrial protocols (Modbus, DNP3, OPC, Profinet, Ether Net/IP, BACnet) and the Purdue Enterprise Reference Architecture (PERA) model.
• Expertise in MITRE ATT&CK® and ATT&CK for ICS frameworks for threat modeling, adversary emulation and mapping defensive coverage gaps in OT environments.
• Senior‑level networking knowledge (TCP/IP, firewalls, switches, VLANs, routing protocols, IDS/IPS) and system administration (Windows/Linux servers, Active Directory, virtualization, patch management) as applied to secure OT infrastructures.
• Hands‑on experience with SOC technologies, including SIEM/SOAR deployment, endpoint detection, log analysis and network traffic analysis in hybrid/cloud environments.
• Strong leadership skills with a track record of managing remote, distributed teams and driving incident response in high‑stakes OT settings.
• Excellent communication and stakeholder management abilities, with experience presenting to C‑level executives and technical teams.
• Ability to obtain and maintain necessary security clearances or certifications for critical infrastructure roles.

• Advanced certifications such as CISSP, CISM, GICSP or GIAC…