Senior Operational Technology Incident Response Engineer
Description
As a Senior Operational Technology (OT) Incident Response Engineer, you will lead complex OT incident-response engagements, perform deep-dive forensics, and help customers rapidly contain and eradicate threats in critical-infrastructure environments. Though embedded in GuidePoint Security’s OT Practice, you will work in close partnership with GuidePoint’s Digital Forensics & Incident Response (DFIR) practice, providing OT-specific expertise to broader IR efforts and ensuring seamless, end-to-end support for clients. Your creativity and technical depth will be essential as we continue to evolve our service offerings in a fast-changing adversarial landscape while mentoring teammates and collaborating with OT leadership to anticipate emerging threats and client needs.
Roles Requirements
Deliver OT IR services
Immediate on-site/remote IR, compromise assessments, and root-cause analysis
OT-focused digital forensics (PLC, historian, HMI, network captures, log review)
Tabletop exercises and purple-team simulations for OT environments
Development and validation of ICS/SCADA IR playbooks, runbooks, and detection logic
OT threat-hunting and proactive compromise assessments
Coordinate closely with DFIR counterparts to exchange findings, integrate evidence, and maintain a unified incident narrative
Author clear, actionable deliverables that explain technical findings, business impact, and pragmatic remediation steps for executive and technical audiences.
Advance the practice by contributing research, conference talks, blogs, and white papers on OT IR trends, malware, and defensive techniques.
Strengthen skills continuously to stay at the forefront of OT threat TTPs, tooling, and defensive controls.
Foster strong client relationships through collaborative communication and high-impact guidance.
Perform other duties as assigned.
Education, Credentials & Experience
Solid understanding of ISA/IEC 62443, NIST 800-82, NIST-CSF, NERC CIP, Purdue Model.
3+ years dedicated to OT security. At least 2 years leading or co-leading live OT/ICS incident-response engagements.
2+ years in a client-facing consulting or services role.
5+ years combined experience across IT/OT networking, security monitoring, or digital forensics preferred.
Preferred certifications: GIAC GRID, GCIP, GCFA, GICSP, or equivalent practical expertise.
Demonstrated community involvement (conference speaker, white paper author, podcast guest) strongly preferred.
Knowledge, Skills & Abilities
Proven ability to lead engagements and provide technical oversight to analysts.
Deep knowledge of OT/ICS attack lifecycles, ransomware impacts on industrial processes, and relevant threat frameworks (e.g., ATT&CK for ICS).
Hands-on experience with OT visibility/security platforms (Dragos, Claroty, Nozomi, Forescout, Armis, Tenable OT, Fortinet OT, etc.).
Competence in packet analysis (Wireshark), log analytics (ELK, Splunk), memory forensics (Volatility, Rekall), and scripting for automation (Python, PowerShell, or Go).
Strong written communication; reports generally need minimal editing before client delivery.
Ability to manage multiple workstreams, meet deadlines, and calmly navigate demanding client situations.
Passion for continuous learning, adaptability, and contributing to a high-performance team culture.
Senior Operational Technology Incident Response Engineer
Description
As a Senior Operational Technology (OT) Incident Response Engineer, you will lead complex OT incident-response engagements, perform deep-dive forensics, and help customers rapidly contain and eradicate threats in critical-infrastructure environments. Though embedded in GuidePoint Security’s OT Practice, you will work in close partnership with GuidePoint’s Digital Forensics & Incident Response (DFIR) practice, providing OT-specific expertise to broader IR efforts and ensuring seamless, end-to-end support for clients. Your creativity and technical depth will be essential as we continue to evolve our service offerings in a fast-changing adversarial landscape while mentoring teammates and collaborating with OT leadership to anticipate emerging threats and client needs.
Roles Requirements
Deliver OT IR services
Immediate on-site/remote IR, compromise assessments, and root-cause analysis
OT-focused digital forensics (PLC, historian, HMI, network captures, log review)
Tabletop exercises and purple-team simulations for OT environments
Development and validation of ICS/SCADA IR playbooks, runbooks, and detection logic
OT threat-hunting and proactive compromise assessments
Coordinate closely with DFIR counterparts to exchange findings, integrate evidence, and maintain a unified incident narrative
Author clear, actionable deliverables that explain technical findings, business impact, and pragmatic remediation steps for executive and technical audiences.
Advance the practice by contributing research, conference talks, blogs, and white papers on OT IR trends, malware, and defensive techniques.
Strengthen skills continuously to stay at the forefront of OT threat TTPs, tooling, and defensive controls.
Foster strong client relationships through collaborative communication and high-impact guidance.
Perform other duties as assigned.
Education, Credentials & Experience
Solid understanding of ISA/IEC 62443, NIST 800-82, NIST-CSF, NERC CIP, Purdue Model.
3+ years dedicated to OT security. At least 2 years leading or co-leading live OT/ICS incident-response engagements.
2+ years in a client-facing consulting or services role.
5+ years combined experience across IT/OT networking, security monitoring, or digital forensics preferred.
Preferred certifications: GIAC GRID, GCIP, GCFA, GICSP, or equivalent practical expertise.
Demonstrated community involvement (conference speaker, white paper author, podcast guest) strongly preferred.
Knowledge, Skills & Abilities
Proven ability to lead engagements and provide technical oversight to analysts.
Deep knowledge of OT/ICS attack lifecycles, ransomware impacts on industrial processes, and relevant threat frameworks (e.g., ATT&CK for ICS).
Hands-on experience with OT visibility/security platforms (Dragos, Claroty, Nozomi, Forescout, Armis, Tenable OT, Fortinet OT, etc.).
Competence in packet analysis (Wireshark), log analytics (ELK, Splunk), memory forensics (Volatility, Rekall), and scripting for automation (Python, PowerShell, or Go).
Strong written communication; reports generally need minimal editing before client delivery.
Ability to manage multiple workstreams, meet deadlines, and calmly navigate demanding client situations.
Passion for continuous learning, adaptability, and contributing to a high-performance team culture.