Job Description
Roles & Responsibilities
Security Monitoring & Threat Detection
• Administer, manage, and support the deployment and tuning of OT security tools (Nozomi, Forescout)
• Monitor OT/ICS environments using SIEM and OT security monitoring platforms
• Detect, analyze, and respond to cyber threats targeting industrial control systems
• Support and enforce microsegmentation strategies for OT network zones (Purdue Model alignment)
• Collaborate with engineering teams to safely implement containment actions in live OT environments
• Conduct threat hunting across industrial environments using network and log data
• Lead and support incident response for OT cyber events with minimal operational disruption
• Maintain OT asset visibility and network behavior baselines
• Ensure compliance with IEC 62443, NIST ICS, and organizational security standards
• Work with firewall, IDS/IPS, NAC, and segmentation technologies in OT networks
Detection Engineering & Use Case Management
• Develop and tune OT-specific detection rules and correlation logic in SIEM platforms
• Align detection use cases with the MITRE ATT&CK for ICS framework
• Reduce false positives and improve detection accuracy and coverage
• Periodically review and optimize alert thresholds and detection logic
• Support OT security architecture integrating SIEM, IDS/IPS, packet brokers, and segmentation tools
• Assist in onboarding log sources, parser development, and normalization of OT data
• Optimize dashboards, alerts, and reporting for operational visibility
OT Network Visibility, Packet Analysis & Traffic Engineering
• Operate packet brokers and TAP infrastructure to enable full OT network visibility
• Perform deep packet inspection of industrial protocols (Modbus, DNP3, OPC-UA, IEC 104, Ethernet/IP)
• Analyze east-west and north-south traffic for suspicious activity and lateral movement
• Identify unauthorized communications and protocol anomalies
• Support network telemetry collection for OT environments
Asset Visibility, Threat Hunting & Compliance Management
• Maintain complete OT asset inventory and network topology visibility
• Identify unauthorized devices, rogue connections, and shadow OT assets
• Conduct proactive threat hunting using logs, network telemetry, and behavioral analytics
• Correlate threat intelligence with OT environment risks and vulnerabilities
• Ensure compliance with IEC 62443, NIST ICS, ISO standards, and internal security policies
• Support internal/external audits and provide security evidence for compliance reporting
• Contribute to risk assessments and OT security posture improvement initiatives
Reporting & Stakeholder Management
• Prepare and present OT security reports (incidents, risks, and trends)
• Maintain dashboards for vulnerabilities, threats, and compliance status
• Communicate critical incidents and risks to SOC, OT, and business stakeholders
• Provide executive-level reporting on OT security posture and exposure
• Track remediation status and SLA adherence
• Support audit and regulatory reporting requirements (IEC 62443, NIST ICS)
Desired Candidate Profile
Education and Certification Requirements
• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field
  o GIAC Global Industrial Cyber Security Professional (GICSP)
  o ISA/IEC 62443 Cybersecurity Certificate
  o GIAC Response and Industrial Defense (GRID)
  o ISA Certified Automation Cybersecurity Specialist (IACS)
Job Specific Technical Skills
• OT/ICS systems (SCADA, DCS, PLC)
• OT network architecture (Purdue Model, DMZ, segmentation)
• Microsegmentation & Zero Trust for OT
• Packet analysis & Deep Packet Inspection (DPI)
• Packet brokers & TAP/SPAN technologies
• SIEM & OT monitoring tools (Sentinel, Nozomi, Forescout)
• Incident response in OT environments
• OT threat hunting & anomaly detection
• Threat detection & analysis
• Industrial firewalling & remote access security
• OT vulnerability management & asset visibility
• Compliance (IEC 62443, NIST ICS)