
OT SOC Engineer
Axians UK
full-time
Posted on:
Location Type: Hybrid
Location: Basingstoke • United Kingdom
About the role
- You will be working in the OT SOC team and will report directly into the OT Cybersecurity Services Lead (Line Manager).
- Focus on the day-to-day monitoring of the OT service platform(s) and any other required security applications.
- First line of support for clients who have existing support services.
- Continuous / Proactive monitoring of OT security tools (e.g., Nozomi, Fortinet, TXOne) for alerts and anomalies.
- Acknowledge, analyse and validate alerts triggered from the OT security tools to reduce false positives and escalate genuine incidents.
- Proactively collaborate with internal Axians engineers and customers to assess operational and BAU alerts, establishing baselines to minimise unnecessary noise within OT service security tools.
- Triage, investigate, and respond to security incidents, performing root cause analysis and taking steps to mitigate the threat.
- Take immediate action on potential and identified cyber security incidents in accordance with agreed SLAs and KPIs.
- Proactively research emerging threats and vulnerabilities to find and address potential weaknesses before they are exploited.
- Identify potential weaknesses in systems and networks and suggest or help implement preventative measures like firewalls or improved access controls.
- Escalate incidents to Level 2 OT SOC or OT Cybersecurity Engineers as per service documentation (i.e. Playbooks or Alert/Incident Management processes).
- Adhere to all internal service-related processes such as Alert & Incident Management processes.
- Assist with the creation of processes as and when required and to have these align with existing processes.
- Document incident reports including actions taken in SOC Ticketing systems.
- Analyse data from logs, network traffic, and forensics to create detailed reports on findings and lessons learned.
- Management and ownership of service-related documentation such as knowledge bases and playbooks.
- Provide training to additional or new members of the Business Unit as and when required.
- Assist with liaising with manufacturers or toolset providers regarding product- or toolset-specific issues.
- Prepare, maintain, and adhere to procedures for logging, reporting, and statistically monitoring data as directed.
- Ensure time is accurately logged against client work for billing purposes.
- Identify new technology opportunities to enhance the product and service portfolio.
- Respond to emergency outages in accordance with business continuity and disaster recovery plans.
- Adopt a proactive approach towards all client activities.
- Collaborate with all the Technical Service departments when required to ensure business objectives are met.
- Support delivery of projects with chosen technologies as and when required.
- Own personal training plan that is put in place with line manager.
- Highlight areas for improvement to supervisor where applicable.
- Ensure adherence to Axians’ Management System Manual for Quality (ISO 9001), InfoSec (ISO 27001) and ESG (ISO 14001).
- Follow established OT security procedures aligned with IEC 62443, NIST CSF, and company policies.
- Translate complex technical threats into clear business risks for management and collaborate with GRC (Governance, Risk, and Compliance) teams.
- Work with other SOC analysts, technical teams, and stakeholders to coordinate responses and share information.
- Provide input on and help optimise security tools, such as EDR/XDR and SIEM platforms.
Requirements
- Degree in Cybersecurity or similar.
- Experience with Cyber Security Monitoring tools.
- Experience working in an IT Support or Security/SOC team.
- Experience working in an OT environment.
- Understanding or knowledge of devices specific to an OT environment.
- Understanding of OT-specific legislation, regulations and standards such as IEC 62443.
- Basic understanding of ICS/SCADA systems and OT network architecture.
- Knowledge of common OT protocols (Modbus, DNP3, OPC).
- Experience/Understanding of SIEM/SOAR solutions and OT-specific monitoring platforms (e.g. Nozomi Vantage).
- Knowledge of network environments (routing/switching/VLANs/security/wireless/etc.).
- Knowledge of Firewalls (IDS/IPS/DPI/WAF/Web Filter/App Control).
- Knowledge of security concepts (CIA/MITRE ATT&CK Framework/Vulnerabilities).
- Knowledge of cybersecurity fundamentals (CIA triad, threat vectors).
- Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
- CompTIA Security+ / CySA+ or similar.
- Vendor Certifications – Cisco, Nozomi, Fortinet.
- Knowledge of scripting (Python, PowerShell, Perl) desirable.
- Drive to work on own initiative.
- Ability to work in a fast-paced, changing environment.
- Understanding of ticket management systems and SLAs.
- Strong analytical and problem-solving skills.
- Ability to follow structured service-related documents such as Alert & Incident response playbooks.
Benefits
- Company Shares Scheme
- Pension
- Medical Insurance
- Financial Planning Support
- Death in Service
- Medicash Healthcare Cash Plan
- Permanent Total Disability Insurance
- Enhanced Maternity/Paternity/Adoption Pay
- Company Sick Pay
- Hybrid Working
- Investment in personal and professional training
- Professional Memberships
- Health checks
- Wellbeing training and support
- Employee Assistance Program
- Flu jabs
- Eyecare
- Paid holiday