OT SOC Detection Engineer

CenterPoint Energy, Houston, TX

About The Position

The OT SOC Detection Engineer is responsible for enhancing and maintaining cybersecurity detection capabilities across Operational Technology (OT) and Industrial Control System (ICS) environments. This role focuses on the design, development, implementation, and continuous improvement of detection rules, analytics, and automated workflows to identify and respond to cyber threats targeting critical infrastructure. The engineer will work closely with key stakeholders to protect critical infrastructure, maintain real-time visibility into OT network activity, and support the safety, reliability and continuity of operational systems.

Requirements

  • 3–5 years of experience in cybersecurity detection engineering, SOC engineering, or security operations roles, with a strong focus on detection development and analytics.
  • Extensive hands-on experience with SIEM and SOAR platforms, preferably Splunk, including the design and implementation of automated workflows, data models, and operational dashboards.
  • Solid understanding of networking fundamentals, including TCP/IP, routing, firewalls, network segmentation, and common OT protocols such as Modbus and DNP3.
  • Familiarity with NERC CIP and TSA cybersecurity requirements and how detection engineering and monitoring support regulatory obligations within OT environments.
  • Strong analytical and communication skills, with attention to detail and the ability to clearly document detection logic and collaborate across technical and non-technical teams.
  • Hands-on experience designing, tuning, and maintaining SIEM and SOAR detections in an operational security environment.

Nice To Haves

  • Experience supporting OT or industrial control system environments is strongly preferred, including exposure to SCADA, PLCs, RTUs, or related systems.
  • Experience configuring OT passive monitoring and threat detection tools, such as Nozomi, Dragos, and Claroty.
  • Experience supporting OT cybersecurity, detection engineering, or security operations within regulated critical infrastructure environments is highly desirable.
  • Relevant Splunk SIEM/SOAR and GIAC certifications, including GICSP, are highly desirable.

Responsibilities

  • Design, develop, implement, and maintain OT-specific detection rules, analytics, and signatures within SIEM and SOAR platforms.
  • Engineer and tune detection logic using network telemetry and OT monitoring data to identify anomalous behavior, indicators of compromise (IOCs), and threat activity within ICS environments.
  • Integrate and optimize data ingestion from OT security platforms, network devices, and control system assets to improve detection coverage and fidelity.
  • Collaborate with OT SOC analysts to refine alert logic, reduce false positives, and ensure detections are actionable and operationally safe.
  • Develop and maintain SOAR workflows to automate alert enrichment, contextualization, and response actions in accordance with OT SOC playbooks and approval requirements.
  • Perform root-cause analysis on missed detections or detection gaps and implement corrective improvements.
  • Support incident response activities by providing detection context, analytics, and technical expertise during investigations.
  • Maintain documentation for detection logic, analytics, and automation workflows, including rationale, data sources, and dependencies.
  • Partner with OT engineering, operations, IT security, and compliance teams to ensure detection capabilities align with operational constraints and regulatory expectations.
  • Maintain awareness of emerging OT threats, attack techniques, and adversary behaviors relevant to industrial and critical infrastructure environments.

Benefits

  • Competitive pay
  • Paid training
  • Benefits eligibility begins on your first day
  • Transit subsidies
  • Flexible work schedule, paid holidays and paid time off
  • Access to discounts at fitness clubs and an on-site wellness center at our headquarters in Houston
  • Professional growth and development programs including tuition reimbursement
  • 401(k) Savings Plan featuring a company match dollar-for-dollar up to 6% and a company contribution of 3% regardless of your contribution


What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 1,001-5,000 employees

© 2024 Teal Labs, Inc