OT SOC Engineer

OT SOC Engineer

Basingstoke

£28k - £35k + Benefite

Hybrid working x2 days in office / x3 days work from home

I am recruiting in Basingstoke for an OT SOC Engineer to join the OT SOC team and will report directly into the OT Cybersecurity Services Lead.

As an OT SOC Engineer the role will be focused on the day-to-day monitoring of the OT service platform(s) and any other required security applications. You will be the first line of support for clients who have existing support services.

The standard working hours for this role are Monday to Friday, 9:00 AM to 5:30 PM. In addition, you will participate in an on-call rotation on a 1-in-4 basis. On-call duties fall outside your regular working hours and run from Monday at 9:00 AM through to the following Monday at 8:59 AM and uou will be paid extra for the on call duites of the OT SOC Engineer.

OT SOC Engineer Responsibilities:

Continuous / Proactive monitoring of OT security tools (e.g., Nozomi, Fortinet, TXOne) for alerts and anomalies.
Acknowledge, analyse and validate alerts triggered from the OT security tools to reduce false positives and escalate genuine incidents.
Proactively collaborate with internal engineers and customers to assess operational and BAU alerts, establishing baselines to minimise unnecessary noise within OT service security tools.
Triage, investigate, and respond to security incidents, performing root cause analysis and taking steps to mitigate the threat.
Take immediate action on potential and identified cyber security incidents in accordance with agreed SLA's and KPI's.
Proactively research emerging threats and vulnerabilities to find and address potential weaknesses before they are exploited.
Identify potential weaknesses in systems and networks and suggest or help implement preventative measures like firewalls or improved access controls.
Escalate incidents to Level 2 OT SOC or OT Cybersecurity Engineers as per service documentation (i.e. Playbooks or Alert/Incident Management processes).
Adhere to all internal service-related processes such as Alert & Incident Management processes.
Assist with the creation of processes as and when required and to have these align with existing processes.
Document incident reports including actions taken in SOC Ticketing systems.
Analyse data from logs, network traffic, and forensics to create detailed reports on findings and lessons learned. To be utilised in daily / weekly SOC reports for OT Environments.
Management and ownership or service-related documentation such as knowledge bases and playbooks.
Provide training to additional or new members of the Business Unit as and when required.
Assist with liaising with manufactures or tool set providers regarding product or toolset specific issues.
Prepare, maintain, and adhere to procedures for logging, reporting, and
statistically monitoring data as directed.
Ensuring time is accurately logged against client work, for billing purposes.
Identify new technology opportunities to enhance the product and service portfolio.
Respond to emergency outages in accordance with business continuity and disaster recovery plans.
Adopt a proactive approach towards all client activities.
Collaborate with all the Technical Service departments when required to ensure business objectives are met.
Support delivery of projects with chosen technologies as and when required.
Own personal training plan that is put in place with line manager.
Highlight areas for improvement to supervisor where applicable.
Ensuring adherence to Management System Manual for Quality (ISO 9001), InfoSec (ISO 27001) and ESG (ISO 14001).
Follow established OT security procedures aligned with IEC 62443, NIST CSF, and company policies.
Translate complex technical threats into clear business risks for management and collaborate with GRC (Governance, Risk, and Compliance) teams.
Work with other SOC analysts, technical teams, and stakeholders to coordinate responses and share information.
Provide input on and help optimise security tools, such as EDR/XDR and SIEM platforms.
Expectation to assist with other tasks requested by line manager.
OT SOC Engineer Desired Skills/Qualifications/Experience

The following list highlights the desired skills, qualifications and experience required for the role; however, it is not exhaustive:

Degree in Cybersecurity or similar.
Experience with Cyber Security Monitoring tools.
Experience working in an IT Support or Security/SOC team.
Experience working in an OT environment.
Understanding or knowledge of devices specific to an OT environment.
Understanding of OT specific legislations or regulations such as IEC62443.
Basic understanding of:
ICS/SCADA systems and OT network architecture.
Common OT protocols (Modbus, DNP3, OPC).
Experience/Understanding of SIEM/SOAR solutions and OT-specific monitoring platforms (e.g. Nozomi Vantage).
Knowledge of network environments (routing/switching/VLANS/Security/Wireless/etc.).
Knowledge of Firewalls (IDS/IPS/DPI/WAF/Web Filter/App Control).
Knowledge of security concepts (CIA/MITRE ATT&CK Framework/Vulnerabilities).
Knowledge of cybersecurity fundamentals (CIA triad, threat vectors).
Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
CompTIA Security+ / CySA+ or similar.
Vendor Certifications - Cisco, Nozomi, Fortinet.
Knowledge of scripting - Python, Powershell, Perl desirable.
Drive to work off own initiative.
Ability to work in a fast paced, changing environment.
Understanding of ticket management systems and SLAs.
Strong analytical and problem-solving skills.
Ability to follow structured service-related documents such as Alert & Incident response playbooks.
OT SOC Engineer Personal attributes:

The following list highlights the personal attributes required for the role; however, it is not exhaustive:

Must be self-motivated with a positive can-do attitude.
Must be able to work un-supervised, on own initiative as well as within a team.
Must be a logical thinker.
Must remain calm under pressure.
Be confident in both spoken and written communications.
An excellent problem solver with strong analytical skills.
Must stay up to date with the latest security trends, threats, and technologies and to report and communicate these to the technical teams.
Can meet deadlines and maintain high standards even when under pressure.
Must have understanding and appreciation to rigid process adherence.
Must be willing to take on the unknown with the desire to learn.
Must hold full driving licence valid in UK.
Ability to work as part of a team but virtually at times due to remote and solo working.
Must attend the office workplace as and when requested.OT SOC Engineer Benefits:

Pension, Medical Insurance, Financial Planning Support, Death in Service, Medicash Healthcare Cash Plan, Permanent Total Disability Insurance, Enhanced Maternity/Paternity/Adoption Pay, Company Sick Pay, Hybrid Working, Investment in personal and professional training, Professional Memberships, Health checks, Wellbeing training and support, Employee Assistance Program, Flu jabs, Eyecare and of course paid holiday.

Services advertised by Gold Group are those of an Agency and/or an Employment Business.
We will contact you within the next 14 days if you are selected for interview. For a copy of our privacy policy please visit our website