Jobs Companies Gruve Security Analyst (OT SOC)

About this Security Analyst (OT SOC) role at Gruve

Gruve · Onsite · Pune, Maharashtra, India

About Gruve

Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.

Position summary:

We are seeking a skilled Security Analyst (OT SOC) to join our OT Security Operations Center. The ideal candidate will have 3 - 6 years of experience in OT/ICS cybersecurity monitoring and incident investigation, with hands-on exposure to industrial environments such as ICS, SCADA, PLC, RTU, and HMI ecosystems. The analyst will act as the primary escalation point from L1, perform advanced monitoring and triage, support Nozomi and SIEM operations, assist integrations and deployments, and deliver high-quality customer support and reporting while safeguarding safety-critical industrial operations.

Key Roles & Responsibilities:

1. Security Monitoring and Incident Triage

Monitor OT and IT security alerts across SIEM and OT visibility platforms such as Splunk, QRadar, Sentinel, FortiSIEM, Elastic, and Nozomi Guardian.

Validate suspicious activities, correlate security events, monitor industrial communications, and track abnormal asset behavior in ICS/SCADA environments.

Escalate confirmed incidents with complete evidence, business impact, and recommended next actions.

2. Incident Investigation and Analysis

Investigate OT security alerts, malware indicators, unauthorized changes, policy violations, and suspicious network behavior affecting PLCs, RTUs, HMIs, historians, and engineering workstations.

Perform packet analysis using Wireshark, validate indicators of compromise, identify lateral movement, and support containment and recovery activities under defined runbooks.

3.SIEM, Nozomi, and Detection Administration

Support SIEM administration activities including log source validation, parser verification, dashboard usage, alert tuning, and false-positive reduction.

Assist in the administration and health monitoring of OT security monitoring platforms such as Nozomi Guardian and related collectors/sensors.

Contribute to the creation and maintenance of detection rules and OT use cases aligned to industrial threats and operational realities.

4.Deployment and Integration Support

Assist OT solution deployments by validating sensor connectivity, syslog forwarding, collector health, API integrations, use-case testing, and user acceptance activities.

Support integration of OT monitoring platforms with SIEM, SOAR, ticketing systems, and reporting workflows.

5. OT Log, Asset, and Protocol Analysis

Review logs, alarms, and network telemetry from OT and IT sources to identify anomalies and confirm incident context.

Demonstrate working knowledge of industrial protocols including Modbus, DNP3, OPC UA, IEC 60870-5-104, PROFINET, and related industrial Ethernet communications.

Support OT asset inventory validation, communication baseline analysis, and visibility improvement activities.

6. Customer Support and Troubleshooting

Provide remote troubleshooting, incident bridge support, health checks, upgrade support, and ticket resolution for customer OT security environments.

Communicate effectively with customers, internal stakeholders, and project teams while maintaining SLA commitments.

7. Reporting and Documentation

Prepare daily SOC reports, weekly incident summaries, asset visibility reports, security posture updates, and SLA-driven ticketing updates.

Maintain accurate incident records, SOPs, runbooks, troubleshooting notes, and knowledge-base documentation.

8. Collaboration and Escalation

Work closely with L1 analysts, L3 engineers, implementation teams, customer stakeholders, and cross-functional security teams to resolve operational issues.

Escalate complex OT incidents, persistent integration issues, and monitoring gaps to the appropriate engineering or management teams.

9.Compliance and Best Practices

Follow established OT security procedures, change controls, and documentation standards while supporting compliance and audit requirements.

Operate with awareness of plant safety, production availability, maintenance windows, and the sensitivity of safety-critical environments.

10. Continuous Improvement

Recommend improvements to alert quality, reporting accuracy, use cases, SOPs, dashboarding, and OT monitoring coverage.

Stay updated on OT cyber threats, industrial attack techniques, and evolving defensive controls relevant to manufacturing, utilities, energy, and other industrial sectors.

11. Report deviations and concerns to the SOC Manager

Basic Qualifications:

  • Bachelor’s degree in computer science, Information Technology, Cybersecurity, Electronics, Instrumentation, or a related field.
  • 3–6 years of experience in cybersecurity operations, OT SOC, ICS/SCADA monitoring, incident investigation, or industrial network security.
  • Hands-on exposure to SIEM platforms such as Splunk, QRadar, Sentinel, FortiSIEM, or Elastic, and familiarity with Nozomi Guardian or similar OT monitoring tools.
  • Working knowledge of OT/ICS environments including ICS, SCADA, PLC, RTU, HMI, historians, industrial switches, and engineering workstations.
  • Understanding of industrial protocols such as Modbus, DNP3, OPC UA, IEC 60870-5-104, PROFINET, and related traffic analysis concepts.
  • Experience with Wireshark, Syslog, Linux, Windows, Excel, and PowerShell for troubleshooting, analysis, and reporting.
  • Strong analytical thinking, documentation discipline, customer interaction skills, time management, and team collaboration.
  • Ability to work in rotational shifts, manage ticket queues, and operate effectively in high-availability industrial environments.

Preferred Qualifications:

  • Certifications such as Security+, Microsoft SC-200, Splunk Power User, QRadar Analyst, Nozomi Fundamentals, GICSP (foundation level exposure), or equivalent.
  • Exposure to SOAR workflows, API-based integrations, threat intelligence enrichment, and OT vulnerability management processes.
  • Knowledge of Purdue Model, network segmentation, jump hosts, remote access controls, firewall policy validation, and OT asset inventory concepts.
  • Experience supporting industrial customers in sectors such as manufacturing, energy, utilities, oil and gas, pharma, or critical infrastructure.
  • Strong interest in building deeper expertise across OT detection engineering, incident response, industrial protocols, and customer-facing delivery.

Why Gruve

At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you.

Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

Ready to apply to Gruve?
Apply to Gruve

Similar jobs

Sign up for suggestions tailored to the jobs you open and the searches you save.

More jobs at Gruve

See all jobs at Gruve →

Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get an edge on your job hunt.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free