Jacobs

OT SOC Manager

Jacobs, Gainesville, Florida, US, 32635

Join Jacobs to apply for the role of OT SOC Manager. This is a fully remote position based in the United States, reporting to the Manager of Managed Services and working closely with OT, Engineering and business unit leaders.

Base Pay Range

$150,000.00/yr – $190,000.00/yr (actual pay will be based on skills and experience)

Impact

At Jacobs, we’re protecting critical infrastructure through innovative cybersecurity solutions. As we expand our Operational Technology (OT) security capabilities, we need a dynamic OT SOC Manager to lead the establishment, growth, and ongoing operations of our OT Security Operations Center (SOC), focused on industrial control systems (ICS), SCADA, and other critical infrastructure.

Key Responsibilities

Lead the design, implementation and optimization of OT SOC infrastructure, including selection and deployment of core tools such as SIEM (Elastic, Splunk, Microsoft Sentinel), SOAR platforms, EDR/XDR solutions, and threat intelligence feeds tailored to OT environments.

Develop and maintain OT‑specific incident response playbooks, runbooks, and automation workflows to enable efficient triage, escalation and resolution of security events in IMS/SCADA systems.

Oversee the recruitment, training, mentoring and performance management of SOC analysts (Tier 1‑3), fostering a high‑performing team capable of 24/7 monitoring and threat hunting in OT networks.

Conduct risk assessments, vulnerability management and threat modeling for OT assets, integrating findings into SOC processes to mitigate risks stemming from industrial protocols (Modbus, DNP3, OPC, Profinet, EtherNet/IP, BACnet) and legacy systems.

Collaborate with cross‑functional teams—including OT engineers, network administrators and business units—to onboard assets, ensure data ingestion from OT sources, and align SOC operations with business objectives.

Establish governance, escalation protocols and reporting mechanisms, providing executive‑level updates on SOC metrics such as MTTD/MTTR, incident trends and compliance status.

Drive continuous improvement initiatives, including post‑incident reviews, tool integrations and simulations/drills to enhance OT SOC resilience against evolving threats such as ransomware targeting critical infrastructure.

Ensure adherence to regulatory requirements (NERC CIP, TSA guidelines) and industry best practices while managing budget and resources for SOC scalability in a remote, distributed model.

Work with the sales team to develop client value propositions that leverage the full capabilities of the OT SOC across the client delivery lifecycle.

Requirements / Qualifications

Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, Engineering or related field (or equivalent experience).

8+ years of experience in cybersecurity operations, including at least 5 years in SOC management or leadership roles, with direct experience building and scaling a SOC from inception.

Proven expertise in OT/ICS cybersecurity, including in‑depth knowledge of industrial protocols (Modbus, DNP3, OPC, Profinet, EtherNet/IP, BACnet) and the Purdue Enterprise Reference Architecture (PERA) model.

Expertise in MITRE ATT&CK® and ATT&CK for ICS frameworks for threat modeling, adversary emulation and mapping defensive coverage gaps in OT environments.

Senior‑level networking knowledge (TCP/IP, firewalls, switches, VLANs, routing protocols, IDS/IPS) and system administration (Windows/Linux servers, Active Directory, virtualization, patch management) as applied to secure OT infrastructures.

Hands‑on experience with SOC technologies, including SIEM/SOAR deployment, endpoint detection, log analysis and network traffic analysis in hybrid/cloud environments.

Strong leadership skills with a track record of managing remote, distributed teams and driving incident response in high‑stakes OT settings.

Excellent communication and stakeholder management abilities, with experience presenting to C‑level executives and technical teams.

Ability to obtain and maintain necessary security clearances or certifications for critical infrastructure roles.

Preferred Nice‑to‑Have Assets

Advanced certifications such as CISSP, CISM, GICSP or GIAC Critical Infrastructure Protection.

Experience in energy, manufacturing or utilities sectors, with knowledge of NERC CIP, NIST CSF or IEC 62443 frameworks.

Proficiency in scripting/automation (Python, PowerShell) for SOC enhancements and familiarity with AI/ML‑driven threat detection.

Prior consulting or advisory experience in OT SOC transformations.

Experience with OT‑specific security tools (Nozomi, Claroty, Dragos, etc.).

Familiarity with IC asset inventory and management platforms.

Knowledge of secure remote access solutions for OT environments (BeyondTrust, Cyolo, Dispel, etc.).

Experience conducting tabletop exercises and red/blue team simulations in OT contexts.

Essential Functions

Effective communication of complex technical concepts to diverse audiences, from analysts to executives.

Strong collaboration and conflict resolution skills in a remote setting.

Excellent verbal and written skills; proficiency with tools such as Microsoft Teams, Slack, or Jira for remote coordination.

Travel

Minimal; up to 10% for optional team events or client site visits.

What We Offer

Opportunity to shape a greenfield OT SOC and contribute to mission‑critical cybersecurity initiatives.

To apply, please submit your resume and a cover letter highlighting your experience building SOC infrastructure in OT environments.

Health and Welfare Benefits

Employees have access to medical, dental, vision and basic life insurance, a 401(k) plan, paid time off, and the ability to purchase company stock at a discount. Eligible employees may also enroll in a deferred compensation plan or the Executive Deferral Plan. Certain roles may be eligible for additional rewards, including merit increases, performance discretionary bonus, and stock.

Equal Employment Opportunity

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Seniority Level

Not Applicable

Employment Type

Full‑time

Job Function & Industries

Other

Civil Engineering, Design Services, and IT Services and IT Consulting
