Key Tasks & Responsibilities:
Investigate and respond to OT/ICS security incidents from detection through containment, recovery, and closure under defined CSOC processes.
Perform incident analysis to determine root cause, scope, severity, potential safety impact, and business impact.
Support containment and remediation activities in coordination with OT engineering, plant operations, and network teams.
Escalate complex or high‑severity OT incidents to L3 OT experts with structured analysis and evidence.
Analyze OT security alerts and events using SIEM and OT‑specific monitoring platforms.
Conduct focused threat hunting activities in OT environments based on known attack patterns, anomalies, and threat intelligence inputs.
Review network traffic and protocol behavior across SCADA, DCS, and PLC environments to identify suspicious activity.
Tune and refine OT detection rules and alerts to improve signal quality and reduce false positives.
Support the development and maintenance of OT SOC playbooks, runbooks, and response procedures.
Participate in post‑incident reviews and RCA sessions, contributing to corrective and preventive actions.
Maintain accurate technical documentation for incidents, findings, and response actions.
Work closely with CSOC Incident Managers, IT SOC, OT Engineering, Network, and external vendors during investigations and remediation.
Provide guidance and knowledge sharing to L1 OT SOC analysts.
Support audit, compliance, and regulatory activities related to OT security incidents when required.
Key Skills:
Strong understanding of OT/ICS architectures, industrial network segmentation, and plant‑level security concepts.
Working knowledge of ICS protocols such as Modbus, DNP3, IEC‑104, OPC, Profinet, and EtherNet/IP.
Hands‑on experience with OT visibility and security platforms (e.g., SentinelOne, Nozomi, Claroty, Dragos, or equivalent).
Experience using SIEM platforms (e.g., Microsoft Sentinel) for investigation and correlation of OT security events.
Good understanding of network security controls, firewalls, secure remote access, and monitoring in OT environments.
Familiarity with threat intelligence, malware analysis, and basic sandbox analysis for OT‑related threats.
Working knowledge of ISA/IEC 62443, NIST SP 800‑82, NIST CSF, and MITRE ATT&CK for ICS.
Ability to apply incident response frameworks in industrial and safety‑critical environments.
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or Engineering.
4 – 7 years of overall cybersecurity experience, with strong exposure to OT/ICS security operations.
Experience supporting medium to high‑severity OT cyber incidents in industrial or large enterprise environments.
Preferred certifications:
GICSP / GCIA / GCIH or equivalent
ISA/IEC 62443 certifications
CISSP / CISM (preferred but not mandatory)
Microsoft Security certifications (SIEM / Defender ecosystem)