Senior SecOps Engineer 100% Remote

Senior SecOps Engineer 100% Remote 

This is a senior, hands‑on SecOps / SOC escalation role with strong OT / ICS exposure. It is not a people manager, but it does carry technical leadership expectations:

• Acts as tier‑3 / escalation engineer for complex IT + OT incidents
• Heavy exposure to OT, SCADA, Purdue Model, and NERC CIP
• Expected to improve SOC maturity, build detections, tune alerts, and mentor analysts
• Partners closely with OT engineers, plant operations, compliance, and infrastructure
• Requires someone who can balance security controls with safety and uptime

Top 5 Skills Required to Succeed

Stack‑Ranked (Most → Least Critical)

1. OT / ICS Security & SCADA Environments

• Purdue Model, segmentation, secure remote access
• Understanding safety‑critical operations
• Experience with OT monitoring platforms (Nozomi, Claroty, Dragos)

2. Incident Response & SOC Escalation Leadership

• High‑severity investigations
• Network, endpoint, identity‑based attacks
• Breach handling across IT + OT

3. Detection Engineering & Threat Hunting

• SIEM / XDR detections
• Alert tuning, false‑positive reduction
• Proactive threat hunting

4. IT Security Architecture Knowledge

• Identity, endpoints, networking, logging
• Cloud & hybrid environments (Azure‑leaning)

5. Compliance & Critical Infrastructure Awareness

• NERC CIP participation
• IEC 62443 familiarity
• Evidence collection and audit‑ready documentation

Job Description:

We’re hiring a Senior Security Operations (SecOps) Engineer to play a key role in protecting critical infrastructure and renewable energy operations. This is a hands‑on, senior technical role within the Security Operations Center (SOC), focused on advanced threat detection, incident response, and OT/ICS security.

You’ll serve as a technical escalation point for complex incidents across enterprise IT and operational technology (OT) environments, including SCADA‑connected systems. The role partners closely with OT engineers, plant operations, IT infrastructure, and compliance teams to ensure security controls are effective without impacting safety or uptime.

This is not a people‑manager role — but it does carry influence. You’ll help mature SOC operations, mentor junior analysts, and shape how security operations scale alongside a growing renewable energy portfolio.

What You’ll Be Doing

• Lead investigation and response for high‑severity security incidents, including:
  • Enterprise system breaches
  • Suspected OT / SCADA‑adjacent security events
• Perform threat hunting across IT and OT‑adjacent environments
• Act as a tier‑3 escalation point for complex SOC investigations
• Support patching and vulnerability management, including response coordination and documentation
• Partner closely with:
  • OT engineers and power plant operations
  • Infrastructure, engineering, and compliance teams
• Participate in NERC CIP‑related investigations, evidence collection, and incident response (as applicable)
• Contribute to SOC maturity initiatives, including:
  • Detection engineering and alert tuning
  • Process and runbook improvements
  • Metrics, reporting, and tooling optimization
• Deliver post‑incident reviews and recommend preventative controls and architectural improvements
• Mentor and provide technical guidance to junior SOC analysts

What We’re Looking For

Required Experience

• 6–10+ years in Security Operations, SOC, Incident Response, or SecOps
• Proven experience leading investigations involving:
  • Network intrusions
  • Endpoint compromise
  • Identity‑based attacks
  • Cloud and hybrid environments
• Strong understanding of:
  • IT security architecture (identity, endpoints, networking, logging)
  • OT / ICS security concepts, including SCADA, segmentation, and the Purdue Model
• Experience building or maintaining:
  • Incident response playbooks
  • SOC runbooks
  • Detection use cases and alert tuning
• Comfortable collaborating with OT engineers and operations teams
• Strong written and verbal communication skills, including executive‑level incident summaries
• Bachelor’s degree in Cybersecurity, Engineering, Computer Science, or equivalent experience
• Hands‑on experience with OT secure remote access

Nice to Have (Not Required)

• Background in energy, utilities, renewables, or industrial environments
• Experience with OT security monitoring platforms such as:
  • Nozomi
  • Claroty
  • Dragos
• Experience with Microsoft Defender XDR
• Working knowledge of:
  • NERC CIP
  • IEC 62443
  • Zero Trust security principles
• Experience securing remote or geographically distributed assets
• Certifications such as:
  • GCIP
  • GICSP
  • Other OT / SCADA‑focused security certifications