
All European Careers

OT SOC Analyst - Full-Remote - Contractor in USD

Manila, Metro Manila, Philippines | Remote | Mid | Competitive | May 7, 2026

Job Description

For an international organization, we are urgently looking for a Full Remote OT SOC Analyst.

We are looking for a contractor, who is able to work full-time in CET working hours. Candidates need to be fluent in English.

Tasks and Responsibilities:

  • Conduct quality assurance oversight to ensure Tier 1 OT SOC operations maintain comprehensive coverage and do not overlook critical security issues;

  • Collaborate across OT SOC tiers (Tier 1 and Tier 3) to manage the whitelisting of normal events, reducing false positives and improving operational efficiency;

  • Correlate events across multiple systems and data sources to identify patterns, anomalies, and potential threats that may not be evident in isolated alerts;

  • Lead cyber incidents end to end across all severities, performing incident assessment, triage, investigation, containment, eradication, recovery support, and closure documentation, in line with approved playbooks and NIST-aligned incident response standards;

  • Escalate high severity and complex incidents to OT SOC Tier 3, supporting investigation strategy, containment decisions, and coordination with Tier 3 OT SOC, Global Engineering, IT Security teams, etc;

  • Perform deep technical analysis of security incidents, including IACS, endpoint, identity, email, network, and cloud-based attacks;

  • Oversee evidence collection and preservation, ensuring forensic integrity and compliance with procedures and standards;

  • Coordinate and lead response activities across regions;

  • Provide clear, concise, and audit-ready incident documentation, including timelines, executive summaries, and post-incident reports;

  • Contribute to the continuous improvement of incident response processes, playbooks, and procedures, incorporating lessons learned from incidents, exercises, and post-incident reviews;

OT Vulnerability Management

  • Track, assess, and prioritize vulnerabilities based on operational risk and safety impact, ensuring critical issues receive timely attention;

  • Coordinate remediation efforts by working closely with engineering and plant operations teams to implement patching or mitigation strategies without disrupting production;

  • Maintain and update a centralized vulnerability database, providing clear visibility into remediation status and progress;

  • Report regularly on vulnerability trends and remediation outcomes to management, ensuring accountability and continuous improvement in OT security posture;

Continuous Improvement

  • Enhance OT SOC operations by strengthening log collection processes and advancing detection engineering capabilities to improve visibility and threat identification;

  • Continuously refine detection rules and response playbooks based on post-incident reviews and lessons learned, ensuring adaptive and resilient defense mechanisms;

  • Participate in proactive security assessments, including structured threat hunting activities, to identify emerging risks and improve detection coverage;

  • Contribute to workforce development by supporting training initiatives and raising awareness of OT-specific threats and vulnerabilities across SOC and plant operations teams;

  • Drive a culture of continuous improvement by integrating feedback loops, performance metrics, and best practices into daily OT SOC operations;

Profile:

  • Bachelor's or Master's degree;

  • 5+ years of experience with, and knowledge of, OT protocols (Modbus, Profinet, OPC-UA) and other vendor-specific protocols used in industrial automation and control systems (IACS);

  • Familiarity with MITRE ATT&CK ICS matrix;

  • Knowledge of OT-specific standards such as IEC-62443, NIS2, NIST CSF, etc;

  • Experience with SIEM, IDS/IPS, ServiceNow, and OT monitoring platforms;

  • Familiarity with vulnerability scanning tools adapted for OT environments (e.g., Claroty, Dragos, Nozomi Networks, etc);

  • Strong analytical skills for incident investigation and vulnerability prioritization;

  • Certifications such as SANS GICSP/GRID, or ISA Cybersecurity credentials;

  • Fluent in English;
