The L1 OT Analyst (MSSP) is responsible for continuous monitoring, initial analysis, and triage of security events within Operational Technology (OT) environments. The role focuses on identifying potential cyber threats, policy violations, and abnormal behaviors across industrial control systems (ICS) and critical infrastructure, escalating incidents as per defined procedures to ensure timely response and minimal operational impact.
Responsibilities
- Monitor OT security tools (IDS/IPS, SIEM, OT monitoring platforms such as Nozomi, Claroty, etc.) for alerts and anomalies on a 24x7 basis.
- Perform initial analysis and classification of OT security events, determine severity, and validate true/false positives.
- Escalate confirmed or suspicious incidents to L2/L3 analysts in accordance with SOC escalation and incident response procedures.
- Log, track, and document all alerts and incidents accurately in the ticketing system with proper evidence and timelines.
- Maintain awareness of OT assets, industrial protocols (Modbus, DNP3, IEC 61850, etc.), and network behavior to support effective monitoring.
- Participate in Knowledge Transfer (KT) and shift handovers, and ensure continuity of operations across shifts.
- Follow SOC SOPs, playbooks, SLAs, and customer‑specific monitoring requirements.
Qualifications and job-specific skills:
- Bachelor’s degree in Cybersecurity, Information Technology, Engineering, or a related field.
- Entry‑level OT/ICS security certifications are an advantage (e.g., GICSP, OT fundamentals, vendor‑specific training).
- Should have 3–5 years of experience in SOC operations, cybersecurity monitoring, or OT/ICS environments.
- Exposure to MSSP operations or 24x7 SOC environments is preferred.
- Basic understanding of OT/ICS environments and critical infrastructure.
- Familiarity with SIEM and OT security monitoring tools.
- Knowledge of common OT threats, malware, and attack vectors.
- Ability to analyze alerts and follow incident response playbooks.
- Strong documentation and communication skills.