OT Threat Detection SIEM Engineer

Sword · Glasgow, UK
Full-time · Hybrid
Incident Response · Network Monitoring · SCADA · SIEM

About the role

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.

As an OT Threat Detection SIEM Engineer, you will play a key role in strengthening cyber security monitoring and detection capabilities across critical operational technology (OT) environments. Working within complex industrial and critical national infrastructure (CNI) environments, you'll be responsible for designing, implementing and optimising SIEM capabilities that enable effective threat detection, investigation and response. You'll work closely with OT cyber security specialists, engineers and client stakeholders to improve visibility across industrial systems, develop high-quality detection content and ensure security monitoring is aligned to real-world operational risks. This is an opportunity to work at the forefront of OT cyber security, helping protect essential infrastructure while contributing to the evolution of detection engineering practices across industrial environments.

As an OT Threat Detection SIEM Engineer, you will:

- Configure, onboard and administer SIEM platforms within OT environments
- Develop and maintain log parsing, data pipelines and ingestion processes for OT data sources
- Build, manage and continuously improve OT-specific detection content and use cases
- Analyse telemetry from diverse OT environments, including firewalls, network sensors, historians, control systems and supporting infrastructure
- Identify visibility gaps, validate data quality and ensure telemetry supports detection requirements
- Map detection use cases against the MITRE ATT&CK Enterprise and ICS frameworks
- Apply a threat-informed approach to detection engineering using known adversary tactics, techniques and procedures (TTPs)
- Continuously tune detection logic to reduce false positives, improve alert quality and increase operational value
- Support the triage and investigation of OT security events and incidents
- Configure enrichment and contextual data sources, including asset inventories, criticality ratings and network segmentation information
- Integrate threat intelligence feeds and external intelligence sources into detection workflows
- Build and optimise correlation pipelines that improve monitoring effectiveness and operational visibility
- Interpret industrial protocol activity and identify abnormal behaviours while minimising disruption to legitimate operations

We're looking for someone with strong experience in security monitoring, detection engineering and SIEM technologies, ideally gained within OT, ICS or industrial environments.

You'll bring:

- Hands-on experience administering and optimising SIEM platforms within OT or industrial environments
- Experience developing, tuning and maintaining threat detection use cases
- Experience working with OT logs, telemetry and industrial data sources
- Knowledge of the MITRE ATT&CK Enterprise and ICS frameworks and their application within detection engineering
- Understanding of OT, ICS and SCADA environments and the challenges associated with securing them
- Experience with log parsing, data pipelines and data enrichment techniques
- Analytical and investigative capabilities, with experience supporting security event triage and incident investigation
- Ability to balance security objectives with operational, safety and availability requirements in industrial environments
- Confidence communicating with engineers, security teams and client stakeholders
- A collaborative approach, with the ability to work effectively across multidisciplinary teams

Experience with one or more of the following would be advantageous:

- Industrial protocols including DNP3, IEC 60870-5-104, Modbus and OPC
- OT network monitoring, traffic analysis and anomaly detection
- Security monitoring architectures within OT and ICS environments
- Threat intelligence integration and operationalisation
- Detection engineering, security operations or incident response practices
- Industrial network segmentation and asset visibility solutions
- Working within critical national infrastructure (CNI) or highly regulated environments
- Security monitoring tools, correlation engines and alert management processes
- Supporting the continuous improvement of detection content and monitoring effectiveness

At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life.
In addition to a Competitive Salary, here's what you can expect as
