OT Security Specialist

Madrid or Delft

At NCC Group, it is our mission to keep our clients secure through offering the full spectrum of cyber security services. To deliver on that mission beyond strict IT, NCC Group launched an OT capability a few years ago. Since then, we have expanded on that capability with NDR for OT in GMS and the IT / OT IR Retainer.

• Hands on triage and typical SOC responsibilities of OT alerts, or IT alerts in an OT environment
• Interface with C&I and DFIR OT Teams
• Creation of OT-specific SOC playbooks and procedures, ensuring junior analysts can follow consistent, high‑quality processes.
• Contribution to the maturity of our OT SOC service model, including tuning detection use cases, developing runbooks, and refining threat hunting methods.

• Design, evaluate, and refine detection content and playbooks for OT-specific protocols (Modbus, DNP3, OPC, MQTT, etc.) on our NWM.
• Support incident response engagements for OT networks, including forensic analysis and containment guidance.
• Conduct threat hunting and intelligence-driven investigations with a focus on OT attack techniques (MITRE ATT&CK for ICs).
• Provide oversight and mentorship to SOC analysts, ensuring investigations are thorough and escalations appropriate.
• Develop and maintain SOC runbooks and procedures, aligned with industry standards such as IEC 62443, NERC CIP, NIST 800‑82.

• You work accurately and discreetly and manage your responsibilities and the independence that comes with it with excellence.
• You feel comfortable in a dynamic and rapidly changing organization and sector; no two days are the same.
• Your initiative-taking attitude allows you to highlight bottlenecks and opportunities quickly and concisely with your colleagues.
• You are fluent in both spoken and written English, and you feel comfortable collaborating with colleagues and clients, both domestically and internationally.

• Proven experience in a SOC or incident response role, with specific exposure to OT / I C S / SCADA environments.
• Ability to monitor, detect, and investigate threats in industrial environments, including use of NDR, SIEM, and endpoint solutions.
• Strong knowledge of OT threat landscape, adversary tactics, and vulnerabilities affecting industrial protocols and assets.
• Excellent communication skills : able to brief technical and non‑technical stakeholders, create clear incident reports, and present to clients.
• Ability to work in a global 24 / 7 SOC model, supporting international teams and travelling to client sites when needed.
• Fluent in English (Dutch optional).

Focusing on Clients and Customers.

Working as One NCC.

Always Learning.

Being Inclusive and Respectful.

Delivering Brilliantly.

At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries, delving into, securing new products, and emerging technologies, as well as solving complex security problems. As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks.

Our colleagues are our greatest assets, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well‑being, and we offer wellness programs and flexible working arrangements to provide that vital support.

Come join us?

We have a high-performance culture which is balanced evenly with world-class well‑being initiatives and benefits.

• ⏰Flexible working
• Financial & Investment
• Pension
• Life Assurance
• Share Save Scheme
• Maternity & Paternity leave