Senior OT Network Security Analyst

Dragos is on a relentless mission to defend industrial organizations that provide us with the necessities of modern civilization; running water, functioning electricity, and safe industrial working environments. As the market leader in ICS/OT Cybersecurity, we are dedicated to arming our customers with best-in-class technology, threat intelligence, and services to protect their systems as effectively and efficiently as possible. We're a remote-first culture with operations in North America, Europe, the Middle East, and APAC. We're looking for mission-oriented teammates who embody our core values of authenticity, transparency, and trust. Are you ready to make a difference? Come join a mission that can save the world

About the Role:

As a Senior Security Analyst on the OT Watch Complete team, you will help lead a frontline monitoring and triage unit responsible for identifying potential adversary activity in customer operational technology (OT) environments. You will work closely with other experienced industrial defenders and mentor junior analysts to investigate anomalous network behaviors, validate detection triggers, and support threat hunters and incident responders with high-quality escalations. You will also operate and maintain the Dragos platform on behalf of customers, helping manage vulnerabilities, tune detections, properly classify OT assets, and provide input on response recommendations.

This is a great opportunity for experienced individuals passionate about cybersecurity - especially industrial security - who want to build hands-on experience in active security operations for OT networks.

Responsibilities:

• Lead shift operations where analysts triage detection alerts and network telemetry generated by the Dragos Platform in customer environments.
• Serve as a senior investigator for suspicious activity and assist with identification of misconfigurations, anomalies, and potential malicious behaviors in OT networks.
• Perform initial and deeper analysis, apply context, and escalate relevant findings to Dragos Incident Responders or threat hunters with appropriate detail and documentation.
• Collaborate with other security analysts, threat hunters, incident responders, and platform engineers to improve alert fidelity and detection performance.
• Tune and improve detection logic to minimize false positives and improve response workflows.
• Create and deliver incident summaries and operational reports to clearly communicate security observations to internal stakeholders and customers.
• Participate in continuous learning around ICS/OT protocols, adversary tactics, and threat intelligence specific to industrial environments.
• Support other functions of the OT Watch Complete service, to include asset classification, detection tuning, and vulnerability management within customers' Dragos platforms.
• Deliver hardening and response recommendations and answer information requests from customers.
• Serve as shift leader for all OT Watch Complete analysts in your region with support from the OTW leadership when on shift.
• Work with the Detection Engineering team to provide feedback on detections and develop/update Detection Playbooks.
• Generate ideas for potential new Dragos Platform detections.

Requirements:

• 3-5 years of relevant work experience in network security.
• Strong understanding of networking concepts (e.g., TCP/IP, firewalls, DNS, packet analysis).
• Experience with cybersecurity monitoring tools or platforms (e.g., IDS/IPS, SIEM, network traffic analyzers).
• Excellent written and verbal communication skills, with a strong attention to detail.
• Enthusiasm for learning about ICS/OT cybersecurity and defending critical infrastructure.
• Ability to work independently in a remote environment and coordinate across distributed teams.
• Flexibility to participate in shift-based coverage and occasional weekend/on-call work as needed. Note: Initial scheduling for employees will start as a Monday-Friday 8am-5pm (MT for US, CEST for Europe, AEST for ANZ shifts), with on-call weekends. Schedule will later change to working a 4 day a week 10-hour shift model, which includes a day on the weekend. Shift schedules under the 4-day schedule will run Sunday-Wednesday and Wednesday-Saturday. Applicants will have the option to pick from either of the two shift schedules (Sunday-Wednesday or Wednesday-Saturday).

Preferred Qualifications:

• Experience working on a Security Operations Center (SOC) team.
• Familiarity with OT protocols (e.g., Modbus, DNP3, Ethernet/IP) and ICS environments.
• Applied knowledge of adversary tactics and frameworks relevant to OT (e.g., MITRE ATT&CK for ICS).
• Hands-on lab or internship experience in cybersecurity operations, threat hunting, or digital forensics.
• Experience in packet capture (PCAP) analysis or basic scripting (e.g., Python, Bash).

Compensation:

• Salary: AUD 130,000
• Competitive Equity Package
• Comprehensive Benefits Plan

#LI-JF1 #LI-REMOTE

Dragos is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics, or any other basis forbidden under federal, state, or local laws. All new hires must pass a background check as a condition of employment.