OT Security Shift Lead

Job Title: OT Security Shift Lead
Location: Dallas TX 75202
Mode : Contract (6+ Months)

Key Roles & Responsibilities
Oversee SOC operations during assigned shifts, ensuring efficient workflow, proper escalation procedures, adherence to SLAs, and effective communication between analysts.
Lead investigations and response to complex security incidents impacting OT systems, networks, and applications. This includes coordinating efforts with other teams and business units (e.g. Networking, Architecture, CIP Compliance).
Perform in-depth analysis of security alerts and logs common in ICS/SCADA systems to identify indicators of compromise (IOCs).
Make real-time decisions on incident severity, containment strategies, and escalation paths and actions taken by Tier 1 & 2 analysts for incidents.
Evaluate and provide feedback on the performance of security technologies (e.g. SIEM, SOAR, IIDS/IPS) used in the SOC. Identify and oversee the optimization of detection rules to reduce false positives.
Develop, test, and implement custom detection rules, correlation searches, baseline drift and use cases within the toolset to improve threat detection capabilities specifically tailored to OT protocols and environments.
Proactively search for IOCs and misconfigurations within the OT environment using threat intelligence, anomaly detection techniques, and knowledge of attacker tactics, techniques, and procedures (TTPs) relevant to ICS/SCADA systems.
Create, maintain, and refine incident response playbooks, standard operating procedures (SOPs), and runbooks based on lessons learned from incidents, threat intelligence, and industry best practices.
Ensure all actions, findings, and decisions made during incident handling are thoroughly documented in the SOC's ticketing system. Prepare clear and concise reports for management on security incidents and trends.
Provide guidance, training, and mentorship to Tier 1 & 2 analysts on incident handling, analysis techniques, tools, and OT security concepts.
Participate in training sessions and simulations to stay current on cyber threats, OT security best practices, and monitoring tools.
Stay current on NERC-CIP standards (specifically 2/3), NIST CSF, Purdue Model for Industrial Control Systems, ISO 27001 frameworks, and other relevant OT security regulations.

Education, Experience, & Skill Requirements
Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, or a related field required. Master's degree preferred.
Minimum of 5-7 years of experience in a cybersecurity-focused role; SOC experience strongly preferred.
3+ years of direct experience working with Operational Technology (OT) / Industrial Control Systems (ICS) environments including hands-on knowledge of SCADA systems, PLCs, RTUs, HMIs, and industrial networks.
Advanced certifications strongly desired. Examples include: CySA+, CEH, OSCP, GICSP, CCNA Security, or relevant OT security certifications (e.g., ISA/IEC 62443).
Deep understanding of cybersecurity fundamentals such as networking protocols (TCP/IP, UDP, DNS), operating systems (Windows, Linux), and security architecture principles.
Strong knowledge of OT Protocols such as DNP3, Modbus, IEC 104, OPC UA, including packet analysis and understanding protocol vulnerabilities.
Experienced with Security Technologies such as SIEM, SOAR, IIDS/IPS, endpoint detection solutions, network traffic analysis tools.
Exceptional analytical mindset and attention to detail. Ability to analyze complex data sets, identify patterns, and draw meaningful conclusions.
Excellent verbal and written communication skills to effectively communicate technical information to both technical and non-technical stakeholders. Ability to create clear and concise reports.
Demonstrated ability to lead and mentor junior analysts.
Ability to work in a 24/7 shift-based SOC environment, including covering for teammates and occasional after-hours support.

Measures of Success
Demonstrates leadership in handling complex security incidents and coordinating response efforts.
Significant improvement in key performance indicators (e.g., reduction in mean time to detect (MTTD), mean time to respond (MTTR), false positive rate).
Successful development and implementation of new detection rules and use cases that improve threat coverage.
Ensures clients's timelines, budgets, and deliverable objectives are met.
Ensures the DGM SOC's SLAs are met or exceeded.
Works closely with multiple business units to improve cross-functional communication and efficiencies.
Demonstrates skills in prioritization and multi-tasking, and success in adapting to change in a fast-paced environment.
Demonstrates ability to interface with internal and external business partners in a professional manner.