Job ID: 253068
Published date: 01/07/2026
Summary
Senior OT SOC Engineer
Location: Doha
Employment Type: Full-Time
About the Role
An enterprise organisation operating critical infrastructure is looking for an experienced Senior OT SOC Engineer to strengthen its Operational Technology (OT) cyber defence capability. This position is responsible for monitoring, detecting, investigating and responding to cyber threats across industrial control environments while ensuring minimal disruption to operations.
The successful candidate will work closely with OT engineering, infrastructure and security teams to improve visibility, enhance detection capabilities and strengthen the organisation's overall OT security posture.
Key Responsibilities
OT Security Monitoring & Incident Response
- Administer, support and optimise OT security monitoring platforms.
- Monitor industrial environments using SIEM and OT security technologies.
- Detect, investigate and respond to cybersecurity incidents affecting OT and ICS environments.
- Support network segmentation and Zero Trust initiatives across OT environments.
- Work alongside engineering teams to implement containment actions safely within production environments.
- Conduct proactive threat hunting across industrial networks.
- Maintain OT asset visibility and behavioural baselines.
- Support compliance with recognised industrial cybersecurity standards.
- Manage industrial firewalls, IDS/IPS, NAC and segmentation technologies.
Detection Engineering
- Develop and tune detection rules for industrial environments.
- Improve correlation logic and detection coverage within SIEM platforms.
- Reduce false positives through continuous optimisation.
- Review alert thresholds and enhance detection accuracy.
- Assist with onboarding OT log sources and parser development.
- Improve dashboards, reporting and operational visibility.
- Map detections against recognised industrial attack frameworks.
OT Network Visibility & Traffic Analysis
- Support packet broker, TAP and SPAN infrastructure.
- Perform deep packet inspection of industrial protocols.
- Analyse east-west and north-south traffic for suspicious behaviour.
- Identify unauthorised communications and protocol anomalies.
- Support network telemetry collection across OT environments.
Threat Hunting & Asset Management
- Maintain comprehensive OT asset inventory and network visibility.
- Identify rogue devices and unauthorised network connections.
- Conduct proactive threat hunting using logs, telemetry and behavioural analytics.
- Correlate threat intelligence with industrial risks and vulnerabilities.
- Support security audits, compliance activities and risk assessments.
- Contribute to continuous improvement of the OT cybersecurity programme.
Reporting & Stakeholder Engagement
- Produce regular reports covering incidents, risks and security trends.
- Maintain dashboards for vulnerabilities, threats and remediation activities.
- Present findings to technical and business stakeholders.
- Provide executive reporting on OT security posture.
- Track remediation activities against agreed service levels.
- Support internal and external audit requirements.
Required Experience
- Bachelor's degree in Cybersecurity, Information Security, Computer Science or a related discipline.
- Experience working within industrial or critical infrastructure environments.
- Strong understanding of OT/ICS cybersecurity operations.
- Experience supporting Security Operations Centres (SOC) with OT environments.
Technical Skills
Candidates should demonstrate experience in most of the following:
- Industrial Control Systems (SCADA, DCS, PLC)
- OT network architecture and segmentation
- Purdue Model
- Zero Trust and micro-segmentation
- SIEM technologies
- OT monitoring platforms
- Threat hunting and incident response
- Deep Packet Inspection (DPI)
- Packet broker, TAP and SPAN technologies
- Industrial firewalls and secure remote access
- Asset visibility and vulnerability management
- Industrial cybersecurity standards including IEC 62443 and NIST guidance
- Industrial protocols such as Modbus, DNP3, OPC UA, IEC 104 (IEC 60870-5-104) and EtherNet/IP
Preferred Certifications
One or more of the following is highly desirable:
- GICSP (GIAC Global Industrial Cyber Security Professional)
- ISA/IEC 62443 Cybersecurity Certification
- GRID (GIAC Response and Industrial Defense)
- ISA Industrial Cybersecurity Certification