Operational Technology (OT) Cyber Threat Analyst

RMC Global
San Antonio, TX
$100,000 - $140,000
Onsite

About The Position

RMC is seeking an Operational Technology (OT) Cyber Threat Analyst for a full-time in-office position in San Antonio, TX! Are you ready to embark on a fulfilling and impactful career journey with Risk Mitigation Consulting (RMC)? We're in search of an exceptional OT Cyber Threat Analyst to become a part of our mission-driven team, dedicated to making a difference in the federal and commercial markets. At RMC, we're all about enhancing security for both our military and global commercial partners, offering an array of services such as Risk Management, Mission Assurance, and Cybersecurity. Our team's well-being is paramount, and we reflect this commitment through our flexible work environment and exceptional company culture. By joining RMC, you become a key contributor to our mission – Assuring Tomorrow!

The OT Cybersecurity Analyst supports the protection and resilience of critical infrastructure environments through threat intelligence analysis, security monitoring, incident response, and vulnerability assessment activities focused on Operational Technology (OT) and Industrial Control Systems (ICS). This role is responsible for identifying and analyzing cyber threats targeting industrial environments, supporting incident response efforts, and helping clients strengthen the security posture of mission-critical systems across sectors such as energy, water, transportation, and manufacturing. The position works closely with clients, government partners, and internal technical teams to provide actionable intelligence, risk-based recommendations, and regulatory compliance support. Successful candidates will bring a strong understanding of OT/ICS environments, evolving cyber threats, and the operational considerations required to secure critical infrastructure systems.

Requirements

  • Bachelor’s degree and 4-10 years of experience in the industry
  • Excellent writing skills, strong communication abilities, good time management and organizational skills
  • Experience using Microsoft Office tools and applications such as Word, PowerPoint, Excel and SharePoint
  • Work confidently in a fast-paced environment with the ability to support multiple projects
  • Ability to perform analysis of complex technical issues
  • Ability to work independently on multiple tasks with minimal direction to meet deadlines
  • Ability to work in a team environment and take initiative to help ensure team tasks are successfully completed within required timelines
  • Obtaining a DoD Secret Clearance.
  • Possession of a current passport with a minimum of 8 months remaining until the expiration date.
  • Willingness and capability to travel within CONUS approximately 20% of the time.
  • Commitment to maintaining a drug-free work environment, U.S. Citizenship, and possession of a valid state driver's license.

Nice To Haves

  • Security+
  • CISSP
  • GICSP

Responsibilities

  • Monitor, collect, and analyze cyber threat intelligence from open-source, commercial, and government feeds (ISACs, CISA, sector-specific advisories) with specific focus on threats targeting critical infrastructure sectors (energy, water, transportation, manufacturing)
  • Assess threat actor TTPs (Tactics, Techniques, and Procedures) relevant to ICS/SCADA environments using frameworks such as MITRE ATT&CK for ICS and the Purdue Model
  • Produce timely, actionable threat intelligence reports tailored to both technical and executive audiences
  • Perform continuous monitoring of OT/ICS network environments, including SCADA systems, PLCs, RTUs, HMIs, and historian servers, for anomalous or malicious activity
  • Analyze network traffic, asset telemetry, and security events across IT/OT boundaries using OT-aware tools (e.g., Claroty, Dragos, Nozomi Networks, Tenable OT)
  • Identify and document Indicators of Compromise (IoCs) and Indicators of Attack (IoAs) specific to industrial control system environments
  • Triage, investigate, and escalate security incidents in accordance with client incident response plans and sector-specific regulatory requirements
  • Support containment, eradication, and recovery activities for cyber incidents affecting OT/ICS environments, with acute awareness of operational safety and uptime constraints
  • Maintain detailed incident timelines, chain-of-custody documentation, and post-incident lessons-learned reports
  • Conduct vulnerability assessments of OT assets, applying risk-based prioritization that accounts for operational impact, compensating controls, and the consequences of patching in live industrial environments
  • Map identified vulnerabilities to threat actor capabilities and likelihood of exploitation to support client risk decisions
  • Track remediation efforts and validate closure of identified findings
  • Serve as a day-to-day technical point of contact for assigned clients, delivering regular briefings on threat landscape changes, incident status, and security posture
  • Develop and maintain client-specific threat profiles, asset inventories, and sector risk assessments
  • Communicate findings clearly and professionally across technical, operational, and executive stakeholder levels
  • Support clients in understanding and meeting cybersecurity obligations under relevant frameworks and regulations, including NERC CIP, NIST SP 800-82, IEC 62443, TSA Security Directives, and AWIA 2018, as applicable by sector
  • Assist in the development and review of OT security policies, procedures, and security plans
  • Coordinate with government partners, sector ISACs (E-ISAC, WaterISAC, MS-ISAC), and peer organizations to share and receive actionable threat information
  • Collaborate with internal red team, engineering, and advisory practice staff to integrate findings into broader client security programs
  • Participate in tabletop exercises, drills, and wargames simulating OT-targeted attack scenarios
  • Stay current on emerging OT/ICS threats, vulnerabilities, and adversary campaigns through ongoing research, training, and industry engagement
  • Contribute to the firm’s internal knowledge base, playbooks, and methodology development
  • Pursue and maintain relevant certifications (GICSP, GRID, CISA, GCIH, or equivalent)

Benefits

  • Comprehensive health, vision, and dental insurance plans fully covered for employees
  • Subsidized dependent health care coverage
  • Participation in our Annual Bonus Program
  • Life insurance policy equivalent to 1x your annual salary.
  • Company paid short and long-term disability
  • Cell phone reimbursement of $65 per month
  • 401(k) Plan with contributions
  • A 401(k) Safe Harbor Employer Contribution Program, which includes a 3% contribution