OT SOC Analyst

Role Summary :

As an L2 OT SOC Analyst, you will be responsible for advanced threat detection, incident response, and forensic analysis within Operational Technology (OT) environments using Claroty XDOME. You will handle escalated alerts from L1 analysts, perform deep-dive investigations, and contribute to the continuous improvement of OT cybersecurity operations.

Key Responsibilities :

Monitor and analyze security alerts from Claroty XDOME and other integrated SIEM / EDR platforms.

Conduct in-depth investigations of suspicious activities and OT-specific incidents.

Perform threat hunting and exposure management across OT assets.

Lead incident response efforts including containment, eradication, and recovery.

Collaborate with L1 analysts and engineering teams to refine detection rules and playbooks.

Maintain and update incident response documentation and reporting dashboards.

Analyze vulnerabilities in OT systems and recommend mitigation strategies.

Ensure SLA compliance and contribute to SOC process improvements.

Participate in forensic analysis and malware investigations within OT environments.

Provide mentorship and guidance to L1 analysts.

Required Skills & Experience :

Experience : 3–6 years in cybersecurity, with at least 2 years in a SOC environment focused on OT or ICS / SCADA systems.

Certifications : CEH, CISSP, GCFA, GCFE, or Claroty XDOME-specific training preferred.

Technical Skills :

Proficiency in Claroty XDOME, SIEM tools (Splunk, QRadar, ELK), and EDR platforms.

Strong understanding of OT protocols (Modbus, DNP3, OPC, etc.) and CPS asset management.

Familiarity with IDS / IPS, firewalls, VPNs, and threat intelligence platforms.

Scripting knowledge (Python, Bash, Perl) for automation and analysis.

Knowledge of Windows, Linux, and Unix operating systems.

Experience with forensic tools and packet analysis.