Lead SOC Engineer (OT Cybersecurity)

TL;DR

Lead SOC Engineer (OT Cybersecurity): Designing and implementing advanced threat detection capabilities within OT environments with an accent on ICS/SCADA systems and telemetry integration. Focus on engineering detection logic, optimizing SOAR playbooks, and ensuring compliance with regional industrial frameworks.

Location: MBZ City, Abu Dhabi, United Arab Emirates

What you will do

• Design, develop, and fine-tune OT-specific detection use cases and correlation rules within SIEM platforms.
• Build and optimize SOAR playbooks to automate investigation and response workflows for OT and IT security events.
• Deploy and configure OT security platforms such as Dragos, Claroty, and Nozomi to improve monitoring coverage.
• Integrate OT telemetry sources, including PLC logs and historian data, into SOC workflows.
• Partner with SOC analysts and OT engineers to validate detections and enhance triage processes.
• Ensure detection and response strategies align with NESA, SAMA, NIST 800 82, and IEC 62443 frameworks.

Requirements

• 8–10 years of experience in SOC operations, with significant expertise in OT cybersecurity.
• Deep knowledge of OT/ICS protocols such as Modbus, DNP3, OPC, and IEC 61850.
• Extensive experience building OT-specific use cases in SIEM platforms (e.g., QRadar, Splunk).
• Proficiency in Python and PowerShell for automating workflows and parsing OT logs.
• Bachelor’s degree in Computer Science, IT, Cybersecurity, or a related field.
• Location: Must be based in MBZ City, Abu Dhabi, United Arab Emirates

Nice to have

• Cybersecurity certifications: CISSP, CISM, or equivalent.
• OT-specific certifications: GICSP, GRID, ISA/IEC 62443, Dragos, or Nozomi.
• Networking certifications: CCNP or CCIE.
• Master’s degree in a relevant field.
• Additional certifications in SOAR or SIEM solutions.