OT Detection Engineer

nccgroup

Location: Hardman Boulevard, Manchester, Greater Manchester, GBR (Hybrid). Posted 2 weeks ago.

Employment: Permanent

About the role

  • Develop, validate, tune and optimise network sensor detection logic specific to OT environments.
  • Integrate network telemetry into SIEM and SOAR platforms.
  • Support client-facing teams in network sensor deployments and configuration baselines.
  • Write and maintain detection test cases.
  • Review findings of TI, CERT, and Red Team activities and evaluate them from a detection engineering improvement perspective.

Key Responsibilities

  • Researching data sets and potential IOCs for distribution.
  • Running tools/techniques to get data.
  • Researching log sources and data sets.
  • Writing rules and alert logic.
  • Writing test processes and procedures for the logic.
  • Monitoring test output and bug fixing.
  • Monitoring the system and data health.
  • Adding global filters to detection logic based on operational feedback.
  • Deploying new analytics to existing customers using our deployment pipeline(s).
  • Ensuring work is up to date or tracked.

Skills, Knowledge & Expertise

  • Proven experience with and understanding of industrial environments and protocols (such as, but not limited to: Modbus, S7Comm, S7Comm+, BACnet, Profinet, DNP3, OPC, MQTT).
  • Proven experience and general understanding of detection engineering, tuning and optimisation of detection logic with Suricata, Zeek or vendor platforms (such as Dragos, Nozomi, Claroty, Armis or Darktrace).
  • Proven experience in SOC or Managed Detection Services.
  • Proven experience in analytically minded IT systems administration or network administration, with a desire to change career focus to security.
  • Excellent oral and written communication skills in English.
  • Ability to work with client engagement teams and NCC colleagues to continuously improve the service we deliver.
  • Good understanding of IT systems and platforms from a security context.

Desired Requirements

  • A security mindset and demonstrable experience or knowledge of the contemporary attack tactics and techniques specific to OT environments.
  • Forensics or incident response competency would be considered valuable.
  • Strong knowledge of the latest security threats, or eagerness to build this knowledge.
  • Experience with simulating attacks. Certificates such as CEH and OSCP are not required but are a plus.
  • Experience with network detection tools, preferably Zeek, Suricata, Nozomi, Claroty, Armis or Dragos.
  • Experience with scripting languages such as PowerShell, Python and Bash.
  • Experience with version control (Git, Azure DevOps, etc.).
  • Networking fundamentals.
  • ICS/SCADA.

Job Benefits

  • Flexible Working: Balance your work and personal life with our flexible working options.
  • Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
  • Medicash & Critical Illness Scheme
  • Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
  • Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
  • Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
  • Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
  • Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
  • Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
