OT SOC Analyst II

CenterPoint Energy, Houston, TX

About The Position

The OT SOC Analyst is responsible for monitoring, detecting, analyzing, and responding to cybersecurity events impacting Operational Technology (OT) and Industrial Control System (ICS) environments. This role performs advanced analysis of alerts and events generated by OT security monitoring platforms and SIEM/SOAR technologies, conducts investigations into suspicious activity, and escalates confirmed or potential incidents in accordance with established OT SOC playbooks and procedures. The analyst will work closely with key stakeholders to protect critical infrastructure, maintain real-time visibility into OT network activity, and support the safety, reliability, and continuity of operational systems.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, or a related technical field, or equivalent practical experience, is preferred.
  • 1–3 years of hands-on Security Operations Center (SOC) experience, including alert triage, investigation, and incident escalation in an IT and/or OT environment.
  • Hands-on experience configuring, tuning, and operating SIEM/SOAR platforms (preferably Splunk) in an operational security environment, including data correlation, workflow automation, and dashboard creation.
  • Solid understanding of networking fundamentals, including TCP/IP, routing, firewalls, network segmentation, and common OT protocols such as Modbus and DNP3.
  • Ability to analyze logs, network flows, and alerts to identify security-relevant events, and apply incident response principles, investigation techniques, and evidence handling practices.
  • Strong analytical and communication skills, with attention to detail and the ability to clearly document findings and collaborate across technical and non-technical teams.

Nice To Haves

  • Experience supporting OT cybersecurity or security operations within regulated critical infrastructure environments is highly desirable.
  • Relevant certifications from Splunk and GIAC, including GICSP, GRID, GCIP, GCIA, or GCIH, are highly desirable.
  • Experience supporting OT or ICS environments is strongly preferred, including exposure to SCADA, PLCs, RTUs, or related systems.
  • Experience working with OT passive monitoring and threat detection tools, such as Nozomi, Dragos, and Claroty.
  • Familiarity with NERC CIP and TSA cybersecurity requirements and how security monitoring and incident response support regulatory obligations within OT environments.

Responsibilities

  • Perform continuous (24/7) monitoring of OT networks, systems, and devices, including SCADA systems, PLCs, RTUs, IEDs, and associated communications infrastructure.
  • Analyze alerts, logs, and telemetry from OT security platforms and SIEM/SOAR solutions to identify anomalies, indicators of compromise (IOCs), and potential cyber threats.
  • Conduct initial triage and investigation of detected events, determining scope, severity, and potential operational impact.
  • Escalate confirmed or suspected incidents in accordance with OT SOC playbooks, incident classification criteria, and escalation procedures.
  • Perform in-depth analysis of suspicious activity within OT environments, including log review, network traffic analysis, and correlation across multiple data sources.
  • Support forensic analysis of impacted OT systems to assist in identifying root causes, attack paths, and contributing factors.
  • Accurately document incidents, investigations, and response actions within organizational ticketing and case management systems.
  • Provide timely notification of identified cybersecurity incidents or attempted compromises to appropriate stakeholders.
  • Collaborate with OT SOC leadership and engineering teams to refine detection logic, improve SIEM/SOAR use cases, and enhance OT-specific playbooks.
  • Participate in incident response activities, including coordination with operations, engineering, compliance, and external partners as required.
  • Maintain awareness of emerging OT threats, vulnerabilities, and attack techniques relevant to electric utilities.

Benefits

  • Competitive pay
  • Paid training
  • Benefits eligibility begins on your first day
  • Transit subsidies
  • Flexible work schedule, paid holidays, and paid time off
  • Access to discounts at fitness clubs and an on-site wellness center at our headquarters in Houston
  • Professional growth and development programs including tuition reimbursement
  • 401(k) Savings Plan featuring a company match dollar-for-dollar up to 6% and a company contribution of 3% regardless of your contribution