OT Security Shift Lead

Apptad Inc


Job Location:

Dallas, IA - USA

Monthly Salary: Not Disclosed
Posted on: 14 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Title: OT Security Shift Lead

Location: Dallas TX 75202

Mode: Contract (6 Months)

Key Roles & Responsibilities

  • Oversee SOC operations during assigned shifts, ensuring efficient workflow, proper escalation procedures, adherence to SLAs, and effective communication between analysts.
  • Lead investigations and response to complex security incidents impacting OT systems, networks, and applications. This includes coordinating efforts with other teams and business units (e.g. Networking, Architecture, CIP Compliance).
  • Perform in-depth analysis of security alerts and logs common in ICS/SCADA systems to identify indicators of compromise (IOCs).
  • Make real-time decisions on incident severity, containment strategies, escalation paths, and actions taken by Tier 1 & 2 analysts for incidents.
  • Evaluate and provide feedback on the performance of security technologies (e.g. SIEM, SOAR, IIDS/IPS) used in the SOC. Identify and oversee the optimization of detection rules to reduce false positives.
  • Develop, test, and implement custom detection rules, correlation searches, baseline drift, and use cases within the toolset to improve threat detection capabilities specifically tailored to OT protocols and environments.
  • Proactively search for IOCs and misconfigurations within the OT environment using threat intelligence, anomaly detection techniques, and knowledge of attacker tactics, techniques, and procedures (TTPs) relevant to ICS/SCADA systems.
  • Create, maintain, and refine incident response playbooks, standard operating procedures (SOPs), and runbooks based on lessons learned from incidents, threat intelligence, and industry best practices.
  • Ensure all actions, findings, and decisions made during incident handling are thoroughly documented in the SOC's ticketing system. Prepare clear and concise reports for management on security incidents and trends.
  • Provide guidance, training, and mentorship to Tier 1 & 2 analysts on incident handling, analysis techniques, tools, and OT security concepts.
  • Participate in training sessions and simulations to stay current on cyber threats, OT security best practices, and monitoring tools.
  • Stay current on NERC-CIP standards (specifically 2/3), NIST CSF, the Purdue Model for Industrial Control Systems, ISO 27001 frameworks, and other relevant OT security regulations.

Education Experience & Skill Requirements

  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field required. Master's degree preferred.
  • Minimum of 5-7 years of experience in a cybersecurity-focused role; SOC experience strongly preferred.
  • 3 years of direct experience working with Operational Technology (OT) / Industrial Control Systems (ICS) environments, including hands-on knowledge of SCADA systems, PLCs, RTUs, HMIs, and industrial networks.
  • Advanced certifications strongly desired. Examples include: CySA, CEH, OSCP, GICSP, CCNA Security, or relevant OT security certifications (e.g. ISA/IEC 62443).
  • Deep understanding of cybersecurity fundamentals such as networking protocols (TCP/IP, UDP, DNS), operating systems (Windows, Linux), and security architecture principles.
  • Strong knowledge of OT protocols such as DNP3, Modbus, IEC 104, and OPC UA, including packet analysis and an understanding of protocol vulnerabilities.
  • Experience with security technologies such as SIEM, SOAR, IIDS/IPS, endpoint detection solutions, and network traffic analysis tools.
  • Exceptional analytical mindset and attention to detail. Ability to analyze complex data sets, identify patterns, and draw meaningful conclusions.
  • Excellent verbal and written communication skills to effectively communicate technical information to both technical and non-technical stakeholders. Ability to create clear and concise reports.
  • Demonstrated ability to lead and mentor junior analysts.
  • Ability to work in a 24/7 shift-based SOC environment, including covering for teammates and occasional after-hours support.

Measures of Success

  • Demonstrates leadership in handling complex security incidents and coordinating response efforts.
  • Significant improvement in key performance indicators (e.g. reduction in mean time to detect (MTTD), mean time to respond (MTTR), and false positive rate).
  • Successful development and implementation of new detection rules and use cases that improve threat coverage.
  • Ensures clients' timelines, budgets, and deliverable objectives are met.
  • Ensures the DGM SOC's SLAs are met or exceeded.
  • Works closely with multiple business units to improve cross-functional communication and efficiencies.
  • Demonstrates skills in prioritization and multi-tasking, and success in adapting to change in a fast-paced environment.
  • Demonstrates ability to interface with internal and external business partners in a professional manner.
