OT SOC Analyst (Full-time)

All European Careers • Philippines
Remote

Job Description
For an international organization, we are urgently looking for a Full Remote OT SOC Analyst.


We are looking for a contractor, who is able to work full-time in CET working hours. Candidates need to be fluent in English.


Tasks and Responsibilities:

  • Conduct quality assurance oversight to ensure Tier 1 OT SOC operations maintain comprehensive coverage and do not overlook critical security issues;
  • Collaborate across OT SOC tiers (Tier 1 and Tier 3) to manage the whitelisting of normal events, reducing false positives and improving operational efficiency;
  • Correlate events across multiple systems and data sources to identify patterns, anomalies, and potential threats that may not be evident in isolated alerts;
  • Lead cyber incidents end to end across all severities, performing incident assessment, triage, investigation, containment, eradication, recovery support, and closure documentation, in line with approved playbooks and NIST-aligned incident response standards;
  • Escalate high severity and complex incidents to OT SOC Tier 3, supporting investigation strategy, containment decisions, and coordination with Tier 3 OT SOC, Global Engineering, IT Security teams, etc;
  • Perform deep technical analysis of security incidents, including IACS, endpoint, identity, email, network, and cloud-based attacks;
  • Oversee evidence collection and preservation, ensuring forensic integrity and compliance with procedures and standards;
  • Coordinate and lead response activities across regions;
  • Provide clear, concise, and audit-ready incident documentation, including timelines, executive summaries, and post-incident reports;
  • Contribute to the continuous improvement of incident response processes, playbooks, and procedures, incorporating lessons learned from incidents, exercises, and post incident reviews;


OT Vulnerability Management

  • Track, assess, and prioritize vulnerabilities based on operational risk and safety impact, ensuring critical issues receive timely attention;
  • Coordinate remediation efforts by working closely with engineering and plant operations teams to implement patching or mitigation strategies without disrupting production;
  • Maintain and update a centralized vulnerability database, providing clear visibility into remediation status and progress;
  • Report regularly on vulnerability trends and remediation outcomes to management, ensuring accountability and continuous improvement in OT security posture;


Continuous Improvement

  • Enhance OT SOC operations by strengthening log collection processes and advancing detection engineering capabilities to improve visibility and threat identification;
  • Continuously refine detection rules and response playbooks based on post‑incident reviews and lessons learned, ensuring adaptive and resilient defense mechanisms;
  • Participate in proactive security assessments, including structured threat hunting activities, to identify emerging risks and improve detection coverage;
  • Contribute to workforce development by supporting training initiatives and raising awareness of OT‑specific threats and vulnerabilities across SOC and plant operations teams;
  • Drive a culture of continuous improvement by integrating feedback loops, performance metrics, and best practices into daily OT SOC operations;


Profile:

  • Bachelor's or Master's degree;
  • 5+ years of experience and knowledge of OT protocols (Modbus, Profinet, OPC-UA) and other vendor protocols for industrial automation & control systems (IACS);
  • Familiarity with MITRE ATT&CK ICS matrix;
  • Knowledge of OT-specific standards such as IEC-62443, NIS2, NIST CSF, etc;
  • Experience with SIEM, IDS/IPS, ServiceNow, and OT monitoring platforms;
  • Familiarity with vulnerability scanning tools adapted for OT environments (e.g., Claroty, Dragos, Nozomi Networks, etc);
  • Strong analytical skills for incident investigation and vulnerability prioritization;
  • Certifications such as SANS GICSP/GRID, or ISA Cybersecurity credentials;
  • Fluent in English;
