OT Detection is a senior technical and engineering leader role focused on designing and implementing advanced threat detection capabilities within OT environments. Operating within the company’s hybrid Security Operations Centers (SOCs), this role emphasizes engineering detection logic, integrating OT telemetry, and enhancing visibility across ICS/SCADA systems. The position requires deep expertise in OT cybersecurity, threat hunting, and SOC operations, with a strong understanding of regional industrial sectors and compliance frameworks.
Ready to apply for roles like this?
Unlock the company name and direct application link. Subscribers get instant access to fresh jobs across Dubai, Abu Dhabi and Riyadh, many with visa support.
Unlock employer & apply directly
Responsibilities
- Design, develop, and fine-tune OT-specific detection use cases, correlation rules, and analytics within SIEM platforms to enhance threat visibility and reduce false positives.
- Build, maintain, and optimize SOAR playbooks to automate investigation and response workflows for OT and IT security events.
- Create, refine, and document SOC alert logic to ensure high-fidelity detection and smooth operational handover to analysts.
- Deploy, configure, and optimize OT security platforms such as Dragos, Claroty, and Nozomi to improve monitoring coverage and asset visibility.
- Integrate OT data sources—including PLC logs, historian data, network telemetry, and asset inventories—into SIEM/SOAR and broader SOC workflows.
- Partner closely with SOC analysts and IT/OT teams to validate detections, enhance triage processes, and ensure seamless integration of OT monitoring capabilities.
- Ensure all detection and response strategies align with relevant regulatory and industry frameworks, including NESA, SAMA, NIST 800‑82, and IEC 62443.
- Lead or support technical investigations involving OT assets, providing deep expertise during incident response activities and post-incident reviews.
Requirements
- Minimum of 8–10 years in SOC operations, with significant experience in OT cybersecurity.
- Proven ability to design and implement high-fidelity detection logic tailored to OT environments, including ICS/SCADA systems and industrial protocols.
- Strong hands-on experience with OT/ICS protocols such as Modbus, DNP3, OPC, IEC 61850, and their behavioral patterns in threat scenarios.
- Extensive experience building and tuning OT-specific use cases and correlation rules in SIEM platforms (e.g., QRadar, Splunk).
- Skilled in onboarding OT telemetry sources (e.g., PLC logs, historian data, network traffic) into SOC workflows for enhanced visibility and detection.
- Proficient in Python and PowerShell for automating detection workflows, parsing OT logs, and building custom alerting mechanisms.
- Strong communication and collaboration skills to work effectively with SOC analysts, OT engineers, and incident response teams.
- Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field; Master’s degree or equivalent recognized cybersecurity certifications preferred.
Certifications
- Cybersecurity: CISSP, CISM, or equivalent.
- OT-Specific: GICSP, GRID, ISA/IEC 62443 Cybersecurity Certificate, Dragos, Nozomi.
- Networking: CCNP/CCIE.
- Additional certifications related to SOAR or SIEM solutions would be considered an advantage.
