Claroty OT Security

Year    MH, IN, India

Job Description

Hiring: OT/ICS SOC Analysts (L1 & L2)

We are looking for skilled and motivated OT/ICS Security Analysts (L1 and L2) to join our cybersecurity operations team. The role involves monitoring, incident investigation, protocol analysis, and working closely with OT engineers to protect critical industrial environments. Experience with Claroty or similar OT security platforms will be a strong advantage.

Role Overview

The position covers responsibilities across both Tier-1 (L1) and Tier-2 (L2) levels, depending on experience.
L1 focuses on monitoring and triage, while L2 handles deep investigations, rule tuning, and coordinated remediation.

Responsibilities

L1 - Tier-1 (First Line)

  • Perform 24x7 monitoring of Claroty alerts and dashboards.
  • Conduct initial alert triage to identify true and false positives.
  • Add contextual details to alerts, such as asset owner, site, and maintenance activities.
  • Execute approved low-impact containment actions when required.
  • Create and update tickets with accurate details, evidence, and recommended next steps.
  • Follow runbooks and SOPs, and escalate incidents to L2/OT teams when necessary.

L2 - Tier-2 (Second Line)

  • Perform detailed investigations, RCA, and incident validation.
  • Coordinate with OT engineers, SMEs, and asset owners to drive remediation activities such as configuration changes, segmentation updates, and firmware updates.
  • Tune detection rules, reduce false positives, and improve baseline models.
  • Maintain and enhance playbooks, runbooks, and detection signatures.
  • Conduct advanced packet analysis and reconstruct sessions using pcaps.
  • Correlate Claroty telemetry with SIEM, NMS, and other monitoring systems.
  • Manage asset inventory, reconciliation, anomaly detection tuning, and forensic data collection.

Minimum Experience and Background

L1 Requirements

  • 1 to 3 years of experience in IT/OT monitoring, SOC/NOC operations, or similar roles.
  • Exposure to industrial or critical infrastructure environments is preferred.
  • Basic understanding of networking fundamentals (TCP/IP, VLANs, routing).
  • Conceptual familiarity with ICS protocols such as IEC 61850, DNP3, Modbus, IEC 60870-5-104.
  • Willingness to work in rotational shifts.

L2 Requirements

  • 3 to 6+ years of experience in ICS/OT security or SOC operations.
  • Demonstrated experience in handling incidents in industrial environments.
  • Hands-on experience with Claroty or similar OT security platforms.
  • Strong networking and protocol analysis skills.
  • Familiarity with power system devices, substation architecture, and OT networks.

Required Technical Skills

L1 Skills

  • Understanding of Claroty UI workflows: alerts, asset view, inventory, topology, and risk dashboards.
  • Ability to read and interpret packet/flow data and key fields in pcaps/logs.
  • Basic SIEM knowledge: creating and reading alerts, adding context.
  • Basic Windows and Linux troubleshooting.
  • Familiarity with OT devices such as RTUs, IEDs, PLCs, and HMIs.

L2 Skills

  • Deep understanding of ICS/SCADA protocols (IEC 61850, DNP3, Modbus, IEC 60870-5-104).
  • Advanced packet analysis using Wireshark and ability to reconstruct sessions.
  • Experience with Claroty functions: asset discovery, risk scoring, anomaly detection, session monitoring, forensic retrieval.
  • Ability to create and update detection rules, playbooks, and containment steps.
  • Knowledge of secure OT change management practices.
  • Familiarity with IEC 62443 framework and OT security concepts.

Preferred Certifications (L1 and L2)

  • Claroty product training (administrator/operator/advanced).
  • ICS/SCADA certifications such as SANS ICS, GICSP, or equivalent.
  • Networking and security certifications (CCNA, CCNP, CISSP).
  • Security fundamentals such as CompTIA Security+.

Work Environment

  • Exposure to industrial OT environments such as power grids and substations.
  • 24x7 SOC operations with rotating shifts for L1 analysts.

If you are interested in building your career in OT cybersecurity and contributing to the protection of industrial systems, we encourage you to apply.

Job Types: Full-time, Permanent

Pay: From ₹1,800,000.00 per year

Benefits:

  • Cell phone reimbursement
  • Commuter assistance
  • Flexible schedule
  • Food provided
  • Health insurance
  • Internet reimbursement
  • Leave encashment
  • Life insurance
  • Paid sick time
  • Paid time off
  • Provident Fund
  • Work from home

Work Location: In person



Job Detail

  • Job Id
    JD4747540
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    MH, IN, India
  • Education
    Not mentioned
  • Experience
    Year