Optomi, in partnership with a leading industrial technology organization, is looking for an ICS Security Analyst to safeguard operational technology (OT) environments against cyber threats while ensuring industrial reliability and safety.
Position Summary: ICS Security Analysts play a critical role in protecting industrial control systems by monitoring network traffic for anomalies, analyzing logs from HMIs and SCADA systems, investigating alerts involving industrial protocols, and responding to incidents affecting PLCs or field devices. They collaborate with engineers to assess vulnerabilities in control networks, enforce segmentation, and ensure process safety and uptime. This role requires bridging cybersecurity practices with operational safety, reliability, and engineering integrity. What the right candidate will enjoy:
- Opportunity to work at the intersection of cybersecurity and industrial reliability
- Collaboration with multidisciplinary teams including engineers, operators, and leadership
- Hands-on experience with cutting-edge OT security tools and technologies
- Contribution to ensuring safety and uptime in critical industrial environments
- Expertise in traffic analysis of industrial protocols (e.g., Modbus, DNP3)
- Proficiency in tools like Wireshark, Nozomi Networks, or Claroty
- Strong understanding of vulnerabilities in devices like Siemens S7-1200 or Allen-Bradley ControlLogix
- Experience with forensic review of HMI or historian logs
- Knowledge of OT constraints, such as downtime risks and vendor-specific firmware
- Ability to translate cyber threats into operational impacts
- Monitor industrial control systems for cyber threats and vulnerabilities
- Implement security measures aligned with safety and engineering standards
- Investigate alerts involving industrial protocols and respond to incidents affecting PLCs or field devices
- Assess vulnerabilities in control networks and enforce segmentation
- Coordinate incident response and recovery efforts in industrial environments
- Review configurations and detect misused ports like TCP 502 (Modbus)
- Report on risk to both security and operations teams
