Job Title: OT Security Shift Lead
Location: Dallas TX
Key Roles & Responsibilities
- Oversee SOC operations during assigned shifts, ensuring efficient workflow, proper escalation procedures, adherence to SLAs, and effective communication between analysts.
- Lead investigations and response to complex security incidents impacting OT systems, networks, and applications. This includes coordinating efforts with other teams and business units (e.g. Networking, Architecture, CIP Compliance).
- Perform in-depth analysis of security alerts and logs common in ICS/SCADA systems to identify indicators of compromise (IOCs).
- Make real-time decisions on incident severity, containment strategies, and escalation paths, and direct the actions taken by Tier 1 & 2 analysts on incidents.
- Evaluate and provide feedback on the performance of security technologies (e.g. SIEM, SOAR, IIDS/IPS) used in the SOC. Identify and oversee the tuning of detection rules to reduce false positives.
- Develop, test, and implement custom detection rules, correlation searches, baseline-drift checks, and use cases within the toolset to improve threat detection capabilities specifically tailored to OT protocols and environments.
- Proactively search for IOCs and misconfigurations within the OT environment using threat intelligence, anomaly detection techniques, and knowledge of attacker tactics, techniques, and procedures (TTPs) relevant to ICS/SCADA systems.
- Create, maintain, and refine incident response playbooks, standard operating procedures (SOPs), and runbooks based on lessons learned from incidents, threat intelligence, and industry best practices.
- Ensure all actions, findings, and decisions made during incident handling are thoroughly documented in the SOC's ticketing system. Prepare clear and concise reports for management on security incidents and trends.
- Provide guidance, training, and mentorship to Tier 1 & 2 analysts on incident handling, analysis techniques, tools, and OT security concepts.
- Participate in training sessions and simulations to stay current on cyber threats, OT security best practices, and monitoring tools.
- Stay current on NERC CIP standards (specifically CIP-002/003), NIST CSF, the Purdue Model for Industrial Control Systems, the ISO 27001 framework, and other relevant OT security regulations.
Education Experience & Skill Requirements
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field required. Master's degree preferred.
- Minimum of 5-7 years of experience in a cybersecurity-focused role; SOC experience strongly preferred.
- 3 years of direct experience working with Operational Technology (OT) / Industrial Control Systems (ICS) environments, including hands-on knowledge of SCADA systems, PLCs, RTUs, HMIs, and industrial networks.
- Advanced certifications strongly desired. Examples include CySA+, CEH, OSCP, GICSP, CCNA Security, or relevant OT security certifications (e.g. ISA/IEC 62443).
- Deep understanding of cybersecurity fundamentals such as networking protocols (TCP/IP, UDP, DNS), operating systems (Windows, Linux), and security architecture principles.
- Strong knowledge of OT protocols such as DNP3, Modbus, IEC 104, and OPC UA, including packet analysis and an understanding of protocol vulnerabilities.
- Experience with security technologies such as SIEM, SOAR, IIDS/IPS, endpoint detection solutions, and network traffic analysis tools.
- Exceptional analytical mindset and attention to detail. Ability to analyze complex data sets, identify patterns, and draw meaningful conclusions.
- Excellent verbal and written communication skills to effectively convey technical information to both technical and non-technical stakeholders. Ability to create clear and concise reports.
- Demonstrated ability to lead and mentor junior analysts.
- Ability to work in a 24/7 shift-based SOC environment.
Measures of Success
- Demonstrates leadership in handling complex security incidents and coordinating response efforts.
- Significant improvement in key performance indicators (e.g. reduction in mean time to detect (MTTD), mean time to respond (MTTR), and false positive rate).
- Successful development and implementation of new detection rules and use cases that improve threat coverage.
- Ensures clients' timelines, budgets, and deliverable objectives are met.
- Ensures the DGM SOC's SLAs are met or exceeded.
- Works closely with multiple business units to improve cross-functional communication and efficiency.
- Demonstrates skill in prioritization and multi-tasking, and success in adapting to change in a fast-paced environment.
- Demonstrates the ability to interface with internal and external business partners in a professional manner.