Jacobs
OT SOC Manager
Join to apply for the
OT SOC Manager
role at
Jacobs
This range is provided by Jacobs. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Base pay range $150,000.00/yr - $190,000.00/yr
At Jacobs, we’re challenging today to reinvent tomorrow by solving the world’s most critical problems for thriving cities, resilient environments, mission‑critical outcomes, operational advancement, scientific discovery and cutting‑edge manufacturing, turning abstract ideas into realities that transform the world for good.
Your impact
At Jacobs, we are at the forefront of protecting critical infrastructure through innovative cybersecurity solutions. As we expand our Operational Technology (OT) security capabilities, we are seeking a dynamic OT SOC Manager to lead the establishment and growth of our Security Operations Center (SOC) focused on OT environments, including industrial control systems (ICS), SCADA, and other critical infrastructure. This remote role, available to candidates in the United States only, will report to the Manager of Managed Services and collaborate closely with OT, Engineering, and business unit leaders.
The ideal candidate will bring hands‑on experience in building OT SOC infrastructure from the ground up, combined with senior‑level expertise in networking and system administration. You will play a pivotal role in designing, implementing, and maturing our OT SOC to ensure proactive threat detection, rapid incident response, and compliance with industry standards like NERC CIP, NIST, and IEC 62443. If you thrive in a fast‑paced environment where you can shape the future of OT cybersecurity, join us in safeguarding the operations that power the world.
In this role, you will drive the foundational build‑out of our OT SOC while managing ongoing operations.
Key Responsibilities
Lead the design, implementation, and optimization of OT SOC infrastructure, including selection and deployment of core tools such as SIEM (e.g., Elastic, Splunk, Microsoft Sentinel), SOAR platforms, EDR/XDR solutions, and threat intelligence feeds tailored to OT environments
Develop and maintain OT‑specific incident response playbooks, runbooks, and automation workflows to enable efficient triage, escalation, and resolution of security events in SCADA systems
Oversee the recruitment, training, mentoring, and performance management of SOC analysts (Tier 1‑3), fostering a high‑performing team capable of 24/7 monitoring and threat hunting in OT networks
Conduct risk assessments, vulnerability management, and threat modeling for OT assets, integrating findings into SOC processes to mitigate risks from industrial protocols (e.g., Modbus, DNP3, OPC, Profinet, EtherNet/IP, BACnet) and legacy systems
Collaborate with cross‑functional teams—including OT engineers, network administrators, and business units—to onboard assets, ensure data ingestion from OT sources, and align SOC operations with business objectives
Establish governance, escalation protocols, and reporting mechanisms, providing executive‑level updates on SOC metrics such as MTTD/MTTR, incident trends, and compliance status
Drive continuous improvement initiatives, including post‑incident reviews, tool integrations, and simulations/drills to enhance OT SOC resilience against evolving threats like ransomware targeting critical infrastructure
Ensure adherence to regulatory requirements (e.g., NERC CIP, TSA guidelines) and industry best practices, while managing budget and resources for SOC scalability in a remote, distributed model
Work with sales team to develop client value propositions that leverage the full capabilities of the OT SOC across the client delivery lifecycle
Requirements
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related field (or equivalent experience)
8+ years of experience in cybersecurity operations, with at least 5 years in SOC management or leadership roles, including direct experience building and scaling a SOC from inception
Proven expertise in OT/ICS cybersecurity, including in‑depth knowledge of industrial protocols such as Modbus, DNP3, OPC, Profinet, EtherNet/IP, and BACnet, along with the Purdue Enterprise Reference Architecture (PERA) Model and IT/OT network segmentation strategies
Expertise in MITRE ATT&CK® and ATT&CK for ICs Frameworks for threat modeling, adversary emulation, and mapping defensive coverage gaps in OT environments
Senior‑level knowledge of networking (TCP/IP, firewalls, switches, VLANs, routing protocols, IDS/IPS) and system administration (Windows/Linux servers, Active Directory, virtualization, patch management) as applied to secure OT infrastructures
Hands‑on experience with SOC technologies, including SIEM/SOAR deployment, endpoint detection, log analysis, and network traffic analysis in hybrid/cloud environments
Strong leadership skills with a track record of managing remote, distributed teams and driving incident response in high‑stakes OT settings
Excellent communication and stakeholder management abilities, with experience presenting to C‑level executives and technical teams
Ability to obtain and maintain necessary security clearances or certifications for critical infrastructure roles
Preferred Assets
Advanced certifications such as CISSP, CISM, GICSP, or GIAC Critical Infrastructure Protection
Experience in energy, manufacturing, or utilities sectors, with knowledge of NERC CIP, NIST CSF, or IEC 62443 frameworks
Proficiency in scripting/automation (Python, PowerShell) for SOC enhancements and familiarity with AI/ML‑driven threat detection
Prior consulting or advisory experience in OT SOC transformations
Experience with OT‑specific security tools (e.g., Nozomi, Claroty, Dragos, etc.)
Familiarity with ICS asset inventory and management platforms
Knowledge of secure remote access solutions for OT environments (e.g., Beyond Trust, Cyolo, Dispel, etc.)
Experience conducting tabletop exercises and red/blue team simulations in OT contexts
Essential Functions
Interpersonal Skills – Ability to effectively communicate complex technical concepts to diverse audiences, from analysts to executives, and strong collaboration and conflict resolution skills in a remote setting
Communication – Excellent verbal and written skills; proficiency in tools like Microsoft Teams, Slack, or Jira for remote coordination
Work Environment – Fully remote with occasional virtual meetings across US time zones, must be able to work flexible hours to support 24/7 SOC operations as needed
Travel Minimal; up to 10% for optional team events or client site visits.
What We Offer
Opportunity to shape a greenfield OT SOC and contribute to mission‑critical cybersecurity initiatives
To apply, please submit your resume and a cover letter highlighting your experience building SOC infrastructure in OT environments
Benefits Our health and welfare benefits are designed to invest in you, and in the things you care about. Your health. Your well‑being. Your security. Your future. Employees have access to medical, dental, vision, and basic life insurance, a 401(k) plan, paid time off, and the ability to purchase company stock at a discount. Eligible employees may also enroll in a deferred compensation plan or the Executive Deferral Plan. And certain roles may be eligible for additional rewards, including merit increases, performance discretionary bonus, and stock.
Salary The base salary range for this position is $150,000.00 to $190,000.00. Within the range, individual pay is determined by work location and additional factors, including job‑related skills, experience, and relevant education or training.
Equal Opportunity Statement All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
#J-18808-Ljbffr
OT SOC Manager
role at
Jacobs
This range is provided by Jacobs. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Base pay range $150,000.00/yr - $190,000.00/yr
At Jacobs, we’re challenging today to reinvent tomorrow by solving the world’s most critical problems for thriving cities, resilient environments, mission‑critical outcomes, operational advancement, scientific discovery and cutting‑edge manufacturing, turning abstract ideas into realities that transform the world for good.
Your impact
At Jacobs, we are at the forefront of protecting critical infrastructure through innovative cybersecurity solutions. As we expand our Operational Technology (OT) security capabilities, we are seeking a dynamic OT SOC Manager to lead the establishment and growth of our Security Operations Center (SOC) focused on OT environments, including industrial control systems (ICS), SCADA, and other critical infrastructure. This remote role, available to candidates in the United States only, will report to the Manager of Managed Services and collaborate closely with OT, Engineering, and business unit leaders.
The ideal candidate will bring hands‑on experience in building OT SOC infrastructure from the ground up, combined with senior‑level expertise in networking and system administration. You will play a pivotal role in designing, implementing, and maturing our OT SOC to ensure proactive threat detection, rapid incident response, and compliance with industry standards like NERC CIP, NIST, and IEC 62443. If you thrive in a fast‑paced environment where you can shape the future of OT cybersecurity, join us in safeguarding the operations that power the world.
In this role, you will drive the foundational build‑out of our OT SOC while managing ongoing operations.
Key Responsibilities
Lead the design, implementation, and optimization of OT SOC infrastructure, including selection and deployment of core tools such as SIEM (e.g., Elastic, Splunk, Microsoft Sentinel), SOAR platforms, EDR/XDR solutions, and threat intelligence feeds tailored to OT environments
Develop and maintain OT‑specific incident response playbooks, runbooks, and automation workflows to enable efficient triage, escalation, and resolution of security events in SCADA systems
Oversee the recruitment, training, mentoring, and performance management of SOC analysts (Tier 1‑3), fostering a high‑performing team capable of 24/7 monitoring and threat hunting in OT networks
Conduct risk assessments, vulnerability management, and threat modeling for OT assets, integrating findings into SOC processes to mitigate risks from industrial protocols (e.g., Modbus, DNP3, OPC, Profinet, EtherNet/IP, BACnet) and legacy systems
Collaborate with cross‑functional teams—including OT engineers, network administrators, and business units—to onboard assets, ensure data ingestion from OT sources, and align SOC operations with business objectives
Establish governance, escalation protocols, and reporting mechanisms, providing executive‑level updates on SOC metrics such as MTTD/MTTR, incident trends, and compliance status
Drive continuous improvement initiatives, including post‑incident reviews, tool integrations, and simulations/drills to enhance OT SOC resilience against evolving threats like ransomware targeting critical infrastructure
Ensure adherence to regulatory requirements (e.g., NERC CIP, TSA guidelines) and industry best practices, while managing budget and resources for SOC scalability in a remote, distributed model
Work with sales team to develop client value propositions that leverage the full capabilities of the OT SOC across the client delivery lifecycle
Requirements
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related field (or equivalent experience)
8+ years of experience in cybersecurity operations, with at least 5 years in SOC management or leadership roles, including direct experience building and scaling a SOC from inception
Proven expertise in OT/ICS cybersecurity, including in‑depth knowledge of industrial protocols such as Modbus, DNP3, OPC, Profinet, EtherNet/IP, and BACnet, along with the Purdue Enterprise Reference Architecture (PERA) Model and IT/OT network segmentation strategies
Expertise in MITRE ATT&CK® and ATT&CK for ICs Frameworks for threat modeling, adversary emulation, and mapping defensive coverage gaps in OT environments
Senior‑level knowledge of networking (TCP/IP, firewalls, switches, VLANs, routing protocols, IDS/IPS) and system administration (Windows/Linux servers, Active Directory, virtualization, patch management) as applied to secure OT infrastructures
Hands‑on experience with SOC technologies, including SIEM/SOAR deployment, endpoint detection, log analysis, and network traffic analysis in hybrid/cloud environments
Strong leadership skills with a track record of managing remote, distributed teams and driving incident response in high‑stakes OT settings
Excellent communication and stakeholder management abilities, with experience presenting to C‑level executives and technical teams
Ability to obtain and maintain necessary security clearances or certifications for critical infrastructure roles
Preferred Assets
Advanced certifications such as CISSP, CISM, GICSP, or GIAC Critical Infrastructure Protection
Experience in energy, manufacturing, or utilities sectors, with knowledge of NERC CIP, NIST CSF, or IEC 62443 frameworks
Proficiency in scripting/automation (Python, PowerShell) for SOC enhancements and familiarity with AI/ML‑driven threat detection
Prior consulting or advisory experience in OT SOC transformations
Experience with OT‑specific security tools (e.g., Nozomi, Claroty, Dragos, etc.)
Familiarity with ICS asset inventory and management platforms
Knowledge of secure remote access solutions for OT environments (e.g., Beyond Trust, Cyolo, Dispel, etc.)
Experience conducting tabletop exercises and red/blue team simulations in OT contexts
Essential Functions
Interpersonal Skills – Ability to effectively communicate complex technical concepts to diverse audiences, from analysts to executives, and strong collaboration and conflict resolution skills in a remote setting
Communication – Excellent verbal and written skills; proficiency in tools like Microsoft Teams, Slack, or Jira for remote coordination
Work Environment – Fully remote with occasional virtual meetings across US time zones, must be able to work flexible hours to support 24/7 SOC operations as needed
Travel Minimal; up to 10% for optional team events or client site visits.
What We Offer
Opportunity to shape a greenfield OT SOC and contribute to mission‑critical cybersecurity initiatives
To apply, please submit your resume and a cover letter highlighting your experience building SOC infrastructure in OT environments
Benefits Our health and welfare benefits are designed to invest in you, and in the things you care about. Your health. Your well‑being. Your security. Your future. Employees have access to medical, dental, vision, and basic life insurance, a 401(k) plan, paid time off, and the ability to purchase company stock at a discount. Eligible employees may also enroll in a deferred compensation plan or the Executive Deferral Plan. And certain roles may be eligible for additional rewards, including merit increases, performance discretionary bonus, and stock.
Salary The base salary range for this position is $150,000.00 to $190,000.00. Within the range, individual pay is determined by work location and additional factors, including job‑related skills, experience, and relevant education or training.
Equal Opportunity Statement All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
#J-18808-Ljbffr