Principal Incident Responder - ICS/OT Cybersecurity

Dragos, Inc.

Lennox Park (MD)

Remote

USD 176,000

Full time

Today

Job summary

A cybersecurity firm is seeking a Principal Incident Responder to lead investigations and strengthen defenses for industrial organizations. The ideal candidate will have over 7 years of digital forensics experience, excellent communication skills, and the ability to work independently in a remote environment. This position offers a competitive salary of $176,000 along with equity and comprehensive benefits.

Benefits

Competitive Equity Package
Comprehensive Benefits Plan

Qualifications

  • 7+ years of hands-on digital forensics experience focusing on methodology.
  • Proven ability to lead investigations and uncover threats.
  • Strong technical proficiency in Windows and Linux systems.

Responsibilities

  • Lead incident response engagements for industrial customers.
  • Guide customers through critical situations as Incident Commander.
  • Strengthen customer resilience with playbook development.

Skills

Digital forensics
Incident response
Communication skills
Cybersecurity

Tools

Wireshark
Snort
Zeek
Yara
Sigma

Job description

Overview

Dragos is on a relentless mission to defend industrial organizations that provide us with the necessities of modern civilization: running water, functioning electricity, and safe industrial working environments. As the market leader in ICS/OT Cybersecurity, we are dedicated to arming our customers with best-in-class technology, threat intelligence, and services to protect their systems as effectively and efficiently as possible. We're a remote-first culture with operations in North America, Europe, the Middle East, and APAC. We're looking for mission-oriented teammates who embody our core values of authenticity, transparency, and trust. Are you ready to make a difference? Come join a mission that can save the world!

About the Role: Our Professional Services team is seeking a Principal Incident Responder who will play a key role in our mission to safeguard civilization. In this role, you'll lead high-impact investigations, guide organizations through crisis situations, and strengthen defenses across industrial environments. Your expertise will directly shape how our customers prepare for, respond to, and recover from cyber threats, ensuring resilience where it matters most.

Responsibilities
  • Lead and execute incident response engagements for industrial customers, including investigations, threat hunts, triage, and crisis management, both onsite and remotely.
  • Guide customers through critical situations by serving as Incident Commander, delivering ad hoc guidance, and ensuring clear communication throughout the response lifecycle.
  • Strengthen customer resilience by developing playbooks, conducting tabletop exercises (TTXs), leading incident response planning workshops, and supporting assessments and architecture reviews.
  • Collaborate and innovate with internal teams to identify service improvements and enhance engagement outcomes.
  • Mentor and develop teammates by providing training and hands-on guidance during incidents and across engagements.
  • Champion the Dragos mission by representing the company with clients, in the community, and through outreach opportunities.
  • Participate in the Incident Response on-call rotation.

Qualifications
  • US Citizenship is required.
  • 7+ years of hands-on digital forensics experience with expertise in at least two areas: network, memory or disk - focused on methodology over specific tools.
  • Proven ability to lead end-to-end investigations, correlating events and pivoting across data types to uncover threats.
  • Experience hunting and identifying malicious activity, including managing communications and response during incidents.
  • Strong technical proficiency with Windows and Linux systems, networking concepts (TCP/IP, Ethernet, etc.), and security tools such as Wireshark, Snort, Zeek, Yara and Sigma.
  • Excellent communication skills, with the ability to guide customers through high-pressure incidents and handle situations calmly and confidently.
  • Willingness to travel for onsite engagements and to support non-standard working hours as needed.
  • Ability to work independently in a remote environment and coordinate across distributed teams.
  • Willingness to travel up to 40% (domestic and international) to support customer engagements.
  • Exposure to ICS/OT cybersecurity is a major plus.
  • Prior consulting experience is preferred.

Compensation
  • Salary: $176,000
  • Competitive Equity Package
  • Comprehensive Benefits Plan

Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws. All new hires must pass a background check as a condition of employment.