OT Security Monitoring Specialist (m/f/d)

Job Description

As an OT Security Monitoring Specialist you will join a highly motivated and open team in the Siemens Cyber Defense Center (CDC) to create custom OT attack detection concepts for customer specific production plant environments with high protection requirements in order to enhance the detection capabilities of CDC's company-wide threat detection service and to keep Siemens secure. In addition, you will lead related customer projects and service enhancement activities in coordination with all service stakeholders.

What will be your challenge?

  • Lead and support customer projects to onboard new production plants into CDC's OT Anomaly Detection and Security Monitoring service.
  • Derive the most relevant attacks for a customer specific OT environment by analyzing factory architectures, production process, network infrastructure, protection concepts, audit findings etc
  • Based on that, design suiting detection concepts on top of CDC’s company-wide detection service and consult the CDC SecDevOps team to implement these detection concepts
  • Tune and enhance the detection concepts to production quality (e.g. regarding detection accuracy, alert handling effort etc)
  • Brief the CDC Security Analyst team to understand the new alert types resulting from the detection concepts and required follow-up actions
  • Work closely together with customers during the design and deployment projects and during the service operation to come up with suiting detection use cases and assure proper handling and escalation of resulting alerts
  • Support continuous service improvement through own initiative and collaboration with other CDC teams to enhance CDC’s detection capabilities (like the AI/Data Science team, SecDevOps team, Threat Hunting team, and Security Analyst team

Use your skills to move forward:

  • Solid and proven knowledge of typical highly automated OT environments (Purdue Model) to identify possible security risk and to design and develop custom threat detection to mitigate these risks
  • Solid and proven knowledge of production automation products like SCADA, HMI and PLC products and their corresponding communication protocols like PROFINET, MODBUS, SIMATIC S7/M7 and programming/configuration solutions like WinCC and STEP7
  • Good understanding of ISO 62443 requirements, cyber security landscapes, TTPs, and related initiatives like MITRE ATT&CK, SIGMA, OSSEM, HELK, OWASP
  • Overall experience in security monitoring/security operations center environments (SOCs) investigating security events, threat hunting, handling incidents, threats and/or vulnerabilities
  • Proficient in written and spoken English, good interpersonal skills, attention to details, and experience with customer projects
  • University degree (or equivalent experience) in computer science, IT security,

What we offer:

  • 2 to 3 days of mobile working per week as a future global standard
  • Development opportunities for both personal and professional growth 
  • An environment where everyone can bring their whole self to work and feel a sense of belonging
  • 30 leave days and a variety of flexible working models that allow time off for yourself and your family 
  • Share matching programs to become a shareholder of Siemens AG
  • Broad range of wellbeing offerings
  • Appealing Siemens pension benefits
  • Find more benefits here



Make your mark in our exciting world at Siemens. - if you would like to find out more about jobs & careers at Siemens.

FAQ - if you need further information on the application process.

As an equal-opportunity employer we are happy to consider applications from individuals with disabilities.


#CTCYS #cybersecurity #LI-DL



Organization: Cybersecurity

Company: Siemens AG

Experience Level: Mid-level Professional

Job Type: Full-time

Can't find what you are looking for?

Let's stay connected

Can't find what you are looking for?