For an international organization, we are urgently looking for a Full Remote OT SOC Analyst.
We are looking for a contractor who is able to work full-time during CET working hours. Candidates need to be fluent in English.
Tasks and Responsibilities:
- Conduct quality assurance oversight to ensure Tier 1 OT SOC operations maintain comprehensive coverage and do not overlook critical security issues;
- Collaborate across OT SOC tiers (Tier 1 and Tier 3) to manage the whitelisting of normal events, reducing false positives and improving operational efficiency;
- Correlate events across multiple systems and data sources to identify patterns, anomalies, and potential threats that may not be evident in isolated alerts;
- Lead cyber incidents end to end across all severities, performing incident assessment, triage, investigation, containment, eradication, recovery support, and closure documentation, in line with approved playbooks and NIST-aligned incident response standards;
- Escalate high-severity and complex incidents to OT SOC Tier 3, supporting investigation strategy, containment decisions, and coordination with Tier 3 OT SOC, Global Engineering, IT Security teams, etc.;
- Perform deep technical analysis of security incidents, including IACS, endpoint, identity, email, network, and cloud-based attacks;
- Oversee evidence collection and preservation, ensuring forensic integrity and compliance with procedures and standards;
- Coordinate and lead response activities across regions;
- Provide clear, concise, and audit-ready incident documentation, including timelines, executive summaries, and post-incident reports;
- Contribute to the continuous improvement of incident response processes, playbooks, and procedures, incorporating lessons learned from incidents, exercises, and post-incident reviews;
OT Vulnerability Management:
- Track, assess, and prioritize vulnerabilities based on operational risk and safety impact, ensuring critical issues receive timely attention;
- Coordinate remediation efforts by working closely with engineering and plant operations teams to implement patching or mitigation strategies without disrupting production;
- Maintain and update a centralized vulnerability database, providing clear visibility into remediation status and progress;
- Report regularly on vulnerability trends and remediation outcomes to management, ensuring accountability and continuous improvement in OT security posture;
Continuous Improvement:
- Enhance OT SOC operations by strengthening log collection processes and advancing detection engineering capabilities to improve visibility and threat identification;
- Continuously refine detection rules and response playbooks based on post-incident reviews and lessons learned, ensuring adaptive and resilient defense mechanisms;
- Participate in proactive security assessments, including structured threat hunting activities, to identify emerging risks and improve detection coverage;
- Contribute to workforce development by supporting training initiatives and raising awareness of OT-specific threats and vulnerabilities across SOC and plant operations teams;
- Drive a culture of continuous improvement by integrating feedback loops, performance metrics, and best practices into daily OT SOC operations;
Profile:
- Bachelor's or Master's degree;
- 5+ years of experience with, and knowledge of, OT protocols (Modbus, Profinet, OPC-UA) and other vendor protocols for industrial automation and control (IACS) systems;
- Familiarity with MITRE ATT&CK ICS matrix;
- Knowledge of OT-specific standards such as IEC-62443, NIS2, NIST CSF, etc;
- Experience with SIEM, IDS/IPS, ServiceNow, and OT monitoring platforms;
- Familiarity with vulnerability scanning tools adapted for OT environments (e.g., Claroty, Dragos, Nozomi Networks);
- Strong analytical skills for incident investigation and vulnerability prioritization;
- Certifications such as SANS GICSP/GRID, or ISA Cybersecurity credentials;
- Fluent in English.