
Senior OT ICS Cybersecurity Analyst

HNM Solutions

France · On-site Contract Senior 3w ago

About the role

Job Description

The role involves conducting advanced investigations, managing incident response, strengthening detection capabilities, and supporting teams in mitigating cybersecurity risks within OT/ICS environments.

The Level 2 Analyst provides in-depth technical expertise, serves as an escalation point for Level 1 teams, and contributes to the continuous improvement of the OT SOC service.

Main Responsibilities

Advanced Incident Investigations

Conduct in-depth analyses of escalated OT/ICS incidents using logs, PCAPs, forensic tools, and behavioral analytics.

Lead containment, eradication, and recovery actions in coordination with technical teams.

Correlate multi-source data (SIEM, NIDS, EDR, firewall logs, OT tools) to identify attack patterns and determine root causes.

Manage high-criticality incidents while ensuring adherence to operational commitments.

Threat Hunting & Detection Development

Develop and refine detection rules, hunting queries, correlations, and signatures tailored to OT environments.

Analyze cyber threat intelligence and emerging trends to propose new prevention measures.

Maintain and enhance incident response playbooks based on new attack scenarios.

Collaboration and Mentoring

Serve as an escalation point for Level 1 analysts and support their professional development.

Collaborate with OT technical teams, cybersecurity experts, and various operational stakeholders.

Contribute to the preparation and delivery of internal training.

Identify areas for improvement and propose operational enhancements.

Documentation & Reporting

Produce detailed investigation reports and post-incident analyses.

Write and maintain operational documentation (SOPs, lessons learned, guides).

Design and update dashboards, indicators, and reports for internal teams and clients.

Develop and maintain a comprehensive documentation database so that knowledge is captured and retained within the team.

Required Skills

Technical Skills

Mastery of OT security principles, industrial architectures, and protocols (e.g., Modbus, DNP3, OPC, Profinet).

Experience with SIEM (Sentinel, Splunk), OT/ICS platforms (e.g., Claroty, Nozomi), NIDS/IPS, EDR, and firewall technologies.

Expertise in log analysis, PCAP analysis, and network and host forensics.

Understanding of cloud environments (Azure, AWS, GCP) and hybrid architectures.

Experience with vulnerability management tools.

Experience in SOCs and applying defense-in-depth strategies in OT environments.

Experience writing SOPs, runbooks, playbooks, and monthly reports.

Soft Skills

Advanced analytical skills and effective management of situations under pressure.

Flexibility to work in a 24/7 operational environment.

Education & Experience

4 to 8+ years of experience in OT/ICS cybersecurity or industrial systems protection.

Degree in cybersecurity, computer science, engineering, or equivalent experience.

Professional proficiency in English.

Nice to Have

Certifications (e.g., IEC 62443, GICSP, CISSP, CompTIA Security+).

Automation skills (Python, APIs).

Data analysis skills (Power BI, Tableau).
