Lead SOC Engineer (OT Cybersecurity)

Overview:

Job Purpose

OT Detection is a senior technical and engineering leader role focused on designing and implementing advanced threat detection capabilities within OT environments. Operating within CPX’s hybrid Security Operations Centers (SOCs), this role emphasizes engineering detection logic, integrating OT telemetry, and enhancing visibility across ICS/SCADA systems. The position requires deep expertise in OT cybersecurity, threat hunting, and SOC operations, with a strong understanding of regional industrial sectors and compliance frameworks.

Responsibilities:

Job Responsibilities

Key Focus Areas

Key Activities

Key Responsibilities

• Detection Engineering: Design, develop, and fine‑tune OT‑specific detection use cases, correlation rules, and analytics within SIEM platforms to enhance threat visibility and reduce false positives.
• SOAR Playbook Engineering: Build, maintain, and optimize SOAR playbooks to automate investigation and response workflows for OT and IT security events.
• Alert Development & SOC Enablement: Create, refine, and document SOC alert logic to ensure high‑fidelity detection and smooth operational handover to analysts.
• Tool Integration: Deploy, configure, and optimize OT security platforms such as Dragos, Claroty, and Nozomi to improve monitoring coverage and asset visibility.
• Telemetry Onboarding: Integrate OT data sources—including PLC logs, historian data, network telemetry, and asset inventories—into SIEM/SOAR and broader SOC workflows.
• SOC Collaboration: Partner closely with SOC analysts and IT/OT teams to validate detections, enhance triage processes, and ensure seamless integration of OT monitoring capabilities.
• Compliance Alignment: Ensure all detection and response strategies align with relevant regulatory and industry frameworks, including NESA, SAMA, NIST 800‑82, and IEC 62443.
• Incident Support: Lead or support technical investigations involving OT assets, providing deep expertise during incident response activities and post‑incident reviews.

Qualifications:

Job Specifications

Skills/Certifications (Technical & Non-Technical)

Skills

• Advanced OT Detection Engineering: Proven ability to design and implement high-fidelity detection logic tailored to OT environments, including ICS/SCADA systems and industrial protocols.
• Deep Protocol Expertise: Strong hands-on experience with OT/ICS protocols such as Modbus, DNP3, OPC, IEC 61850, and their behavioral patterns in threat scenarios.
• SIEM Use Case Development: Extensive experience building and tuning OT-specific use cases and correlation rules in SIEM platforms (e.g., QRadar, Splunk), with a focus on minimizing false positives and enhancing alert fidelity.
• Telemetry Integration: Skilled in onboarding OT telemetry sources (e.g., PLC logs, historian data, network traffic) into SOC workflows for enhanced visibility and detection.
• Scripting & Automation: Proficient in Python and PowerShell for automating detection workflows, parsing OT logs, and building custom alerting mechanisms.
• Cross-Domain Collaboration: Strong communication and collaboration skills to work effectively with SOC analysts, OT engineers, and incident response teams.
• Operational Awareness: Deep understanding of SOC operations, OT threat landscapes, and the unique challenges of securing industrial environments in the Middle East.Certifications

• Cybersecurity: CISSP, CISM, or equivalent.
• OT-Specific: GICSP, GRID, ISA/IEC 62443 Cybersecurity Certificate, Dragos, Nozomi.
• Networking: CCNP/CCIE.
• Additional certifications related to SOAR or SIEM solutions would be considered an advantage

Minimum Work Experience

• Minimum of 8–10 years in SOC operations, with significant experience in OT cybersecurity.
• Prior experience in a lead engineering role within a SOC or industrial cybersecurity environment.

Education

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field.
• Master’s degree or equivalent recognized cybersecurity certifications preferred.