1. Home
  2. Jobs
  3. Lead SOC Engineer (OT Cybersecurity)
Cybersecurity Hybrid

Lead SOC Engineer (OT Cybersecurity)

Group 42
Jeddah - Saudi Arabia Listed 1 week ago 10 years via Naukrigulf
python cybersecurity soc siem security

Job Description Roles & Responsibilities Overview: Job Purpose OT Detection is a senior technical and engineering leader role focused on designing and implementing advanced threat detection capabilities within OT environments. Operating within CPX s hybrid Security Operations Centers (SOCs), this role emphasizes engineering detection logic, integrating OT telemetry, and enhancing visibility across ICS/SCADA systems. The position requires deep expertise in OT cybersecurity, threat hunting, and SOC operations, with a strong understanding of regional industrial sectors and compliance frameworks. Responsibilities: Job Responsibilities Key Focus Areas Key Activities Key Responsibilities Detection Engineering : Design, develop, and fine tune OT specific detection use cases, correlation rules, and analytics within SIEM platforms to enhance threat visibility and reduce false positives. SOAR Playbook Engineering: Build, maintain, and optimize SOAR playbooks to automate investigation and response workflows for OT and IT security events. Alert Development & SOC Enablement: Create, refine, and document SOC alert logic to ensure high fidelity detection and smooth operational handover to analysts. Tool Integration: Deploy, configure, and optimize OT security platforms such as Dragos, Claroty, and Nozomi to improve monitoring coverage and asset visibility. Telemetry Onboarding: Integrate OT data sources including PLC logs, historian data, network telemetry, and asset inventories into SIEM/SOAR and broader SOC workflows. SOC Collaboration: Partner closely with SOC analysts and IT/OT teams to validate detections, enhance triage processes, and ensure seamless integration of OT monitoring capabilities. Compliance Alignment: Ensure all detection and response strategies align with relevant regulatory and industry frameworks, including NESA, SAMA, NIST 800 82, and IEC 62443. Incident Support: Lead or support technical investigations involving OT assets, providing deep expertise during incident response activities and post incident reviews. Qualifications: Job Specifications Skills/Certifications (Technical & Non-Technical) Skills Advanced OT Detection Engineering: Proven ability to design and implement high-fidelity detection logic tailored to OT environments, including ICS/SCADA systems and industrial protocols. Deep Protocol Expertise: Strong hands-on experience with OT/ICS protocols such as Modbus, DNP3, OPC, IEC 61850, and their behavioral patterns in threat scenarios. SIEM Use Case Development: Extensive experience building and tuning OT-specific use cases and correlation rules in SIEM platforms (e.g., QRadar, Splunk), with a focus on minimizing false positives and enhancing alert fidelity. Telemetry Integration: Skilled in onboarding OT telemetry sources (e.g., PLC logs, historian data, network traffic) into SOC workflows for enhanced visibility and detection. Scripting & Automation: Proficient in Python and PowerShell for automating detection workflows, parsing OT logs, and building custom alerting mechanisms. Cross-Domain Collaboration: Strong communication and collaboration skills to work effectively with SOC analysts, OT engineers, and incident response teams. Operational Awareness: Deep understanding of SOC operations, OT threat landscapes, and the unique challenges of securing industrial environments in the Middle East. Certifications Cybersecurity: CISSP, CISM, or equivalent. OT-Specific: GICSP, GRID, ISA/IEC 62443 Cybersecurity Certificate, Dragos, Nozomi. Networking: CCNP/CCIE. Additional certifications related to SOAR or SIEM solutions would be considered an advantage Minimum Work Experience Minimum of 8 10 years in SOC operations, with significant experience in OT cybersecurity. Prior experience in a lead engineering role within a SOC or industrial cybersecurity environment. Education Bachelor s degree in computer science, Information Technology, Cybersecurity, or related field. Master s degree or equivalent recognized cybersecurity certifications preferred. Desired Candidate Profile Skills/Certifications (Technical & Non-Technical) Skills Advanced OT Detection Engineering: Proven ability to design and implement high-fidelity detection logic tailored to OT environments, including ICS/SCADA systems and industrial protocols. Deep Protocol Expertise: Strong hands-on experience with OT/ICS protocols such as Modbus, DNP3, OPC, IEC 61850, and their behavioral patterns in threat scenarios. SIEM Use Case Development: Extensive experience building and tuning OT-specific use cases and correlation rules in SIEM platforms (e.g., QRadar, Splunk), with a focus on minimizing false positives and enhancing alert fidelity. Telemetry Integration: Skilled in onboarding OT telemetry sources (e.g., PLC logs, historian data, network traffic) into SOC workflows for enhanced visibility and detection. Scripting & Automation: Proficient in Python and PowerShell for automating detection workflows, parsing OT logs, and building custom alerting mechanisms. Cross-Domain Collaboration: Strong communication and collaboration skills to work effectively with SOC analysts, OT engineers, and incident response teams. Operational Awareness: Deep understanding of SOC operations, OT threat landscapes, and the unique challenges of securing industrial environments in the Middle East. Certifications Cybersecurity: CISSP, CISM, or equivalent. OT-Specific: GICSP, GRID, ISA/IEC 62443 Cybersecurity Certificate, Dragos, Nozomi. Networking: CCNP/CCIE. Additional certifications related to SOAR or SIEM solutions would be considered an advantage Minimum Work Experience Minimum of 8 10 years in SOC operations, with significant experience in OT cybersecurity. Prior experience in a lead engineering role within a SOC or industrial cybersecurity environment. Education Bachelor s degree in computer science, Information Technology, Cybersecurity, or related field. Master s degree or equivalent recognized cybersecurity certifications preferred. Company Industry IT - Software Services Department / Functional Area Engineering Keywords Lead SOC Engineer (OT Cybersecurity) Get real-time job updates only on our App

Ready to apply?

You are viewing this role on JobSphere AI. Applications are completed on the original employer / source website.

Apply on original site

Opens the employer's site in a new tab

  • CompanyGroup 42
  • LocationJeddah - Saudi Arabia
  • CategoryCybersecurity
  • SourceNaukrigulf
  • Listed1 week ago

Related Cybersecurity jobs

More Cybersecurity