DTICI_CSOC_OT Security Specialist_T8

Key Tasks & Responsibilities: 

• Investigate and respond to OT/ICS security incidents from detection through containment, recovery, and closure under defined CSOC processes.

• Perform incident analysis to determine root cause, scope, severity, potential safety impact, and business impact.

• Support containment and remediation activities in coordination with OT engineering, plant operations, and network teams.

• Escalate complex or high‑severity OT incidents to L3 OT experts with structured analysis and evidence.

• Analyze OT security alerts and events using SIEM and OT‑specific monitoring platforms.

• Conduct focused threat hunting activities in OT environments based on known attack patterns, anomalies, and threat intelligence inputs.

• Review network traffic and protocol behavior across SCADA, DCS, and PLC environments to identify suspicious activity.

• Tune and refine OT detection rules and alerts to improve signal quality and reduce false positives.

• Support the development and maintenance of OT SOC playbooks, runbooks, and response procedures.

• Participate in post‑incident reviews and RCA sessions, contributing to corrective and preventive actions.

• Maintain accurate technical documentation for incidents, findings, and response actions.

• Work closely with CSOC Incident Managers, IT SOC, OT Engineering, Network, and external vendors during investigations and remediation.

• Provide guidance and knowledge sharing to L1 OT SOC analysts.

• Support audit, compliance, and regulatory activities related to OT security incidents when required.

Key Skills:

• Strong understanding of OT/ICS architectures, industrial network segmentation, and plant‑level security concepts.

• Working knowledge of ICS protocols such as Modbus, DNP3, IEC‑104, OPC, Profinet, and EtherNet/IP.

• Hands‑on experience with OT visibility and security platforms (e.g., SentinelOne, Nozomi, Claroty, Dragos, or equivalent).

• Experience using SIEM platforms (e.g., Microsoft Sentinel) for investigation and correlation of OT security events.

• Good understanding of network security controls, firewalls, secure remote access, and monitoring in OT environments.

• Familiarity with threat intelligence, malware analysis, and basic sandbox analysis for OT‑related threats.

• Working knowledge of ISA/IEC 62443, NIST SP 800‑82, NIST CSF, and MITRE ATT&CK for ICS.

• Ability to apply incident response frameworks in industrial and safety‑critical environments.

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or Engineering.

• 4 – 7 years of overall cybersecurity experience, with strong exposure to OT/ICS security operations.

• Experience supporting medium to high‑severity OT cyber incidents in industrial or large enterprise environments.

• Preferred certifications: 

  • GICSP / GCIA / GCIH or equivalent

  • ISA/IEC 62443 certifications

  • CISSP / CISM (preferred but not mandatory)

  • Microsoft Security certifications (SIEM / Defender ecosystem)