
Cybersecurity SOC Consultant

  • Hybrid (08037, Barcelona, Cataluña, Spain)

About infraone

infraone’s purpose is to protect the critical infrastructure modern life depends on—from factories that produce essential goods to utilities and water supply—by providing world-class cybersecurity and network services to operational-technology (OT) environments.

Born from an engineering company in 2011, we have delivered 700+ cybersecurity and IT/OT infrastructure projects and maintain 24 × 7 support for leading manufacturers across Europe. Guided by the values of Ownership, Customers First, Trust, Ambition, and Excellence, we are building Europe’s leading OT-cybersecurity services firm.

The Opportunity

You will be a key member of our SOC team focused on industrial environments, acting as the escalation point for N1 analysts and the technical bridge to incident response and engineering teams. As an N2 SOC Consultant, you will own the investigation and resolution of complex security incidents in OT environments for some of the most prominent pharmaceutical, food, and chemical companies in Europe.

You will not only respond to what comes in, you will proactively build and tune detection logic, design use cases, document procedures, and help shape how our SOC operates. You will work side by side with other senior engineers and consultants in projects that combine monitoring, detection, response, and continuous improvement.

Your day-to-day will include:

  • In-depth investigation and response to escalated security incidents in OT environments, including root cause analysis, containment recommendations, and coordination with client teams.

  • Advanced analysis and correlation of alerts and telemetry from:

    • SIEM platforms (Microsoft Sentinel, Splunk, QRadar, Elastic, etc.)

    • OT monitoring platforms (Nozomi Networks, Claroty xDome / CTD)

    • Industrial firewalls (Fortinet, Palo Alto, Cisco)

    • Industrial IDS/IPS and network sensors

    • EDR solutions

  • Design and development of detection use cases for OT and IT/OT environments: identifying detection gaps, defining requirements, building correlation rules, and validating them end to end.

  • Elaboration and maintenance of SOC procedures: triage procedures, investigation guides, response playbooks, runbooks, and operational documentation aligned with client services and SLAs.

  • SIEM engineering: rule creation and tuning, log source onboarding, parsing and normalization, dashboards, and continuous improvement of detection coverage.

  • Mentoring N1 analysts: reviewing their triage, supporting their escalations, and contributing to their technical growth.

  • Reporting to clients and stakeholders: writing clear incident reports, post-mortems, and recommendations, and presenting findings to both technical and non-technical audiences.

  • Continuous improvement of SOC processes and service quality, in alignment with IEC 62443, NIS2, and industry best practices.

You will have the support of senior mentors and the autonomy to lead investigations and propose improvements. We look for extraordinary results by working with extraordinary people—if you identify with this, you will keep growing with us into senior and lead roles within the SOC.

Requirements

  • Degree in Engineering / Computer Science / Telecommunications / Cybersecurity, or equivalent professional experience.

  • 2–4 years of experience in a SOC or similar security operations role, with hands-on incident investigation and response.

  • Solid hands-on experience with SIEM platforms (Microsoft Sentinel, Splunk, QRadar, Elastic, or equivalent), including:

    • Writing, tuning, and maintaining detection rules and correlation logic

    • Designing and implementing detection use cases end to end

    • Working with query languages (KQL, SPL, EQL, or similar)

    • Log source onboarding, parsing, and normalization

  • Experience writing and maintaining SOC procedures, playbooks, and runbooks, and a structured approach to documenting operational knowledge.

  • Solid understanding of:

    • TCP/IP, Ethernet, routing and switching fundamentals

    • Network segmentation, firewalls, and secure architectures (Purdue model is a plus)

    • Common attack techniques and the MITRE ATT&CK framework (ATT&CK for ICS is a strong plus)

  • Hands-on experience with EDR solutions (CrowdStrike, Defender for Endpoint, etc.).

  • Strong analytical mindset, structured approach to problem-solving, and clear written and verbal communication—able to explain complex incidents to both engineers and plant managers.

  • Ownership mindset: you escalate when needed, but you don't pass problems along.

Nice to have

  • Hands-on experience with OT monitoring platforms (Nozomi Networks, Claroty).

  • Experience with industrial or next-gen firewalls and IDS/IPS.

  • Experience in industrial environments (OT, PLCs, SCADA, DCS, historians, engineering workstations).

  • Knowledge of IEC 62443, NIS2, NIST CSF, or similar frameworks applied to OT.

  • Familiarity with scripting and automation (Python, PowerShell, KQL, SPL) for detection, enrichment, or SOAR playbooks.

  • Industry certifications such as GCIA, GCIH, GCFA, GICSP, GRID, CompTIA CySA+, Microsoft SC-200, or vendor-specific OT certifications (Nozomi, Claroty).

  • Experience mentoring or training junior analysts.

  • English level B2 or higher.

Benefits & Development

  • Permanent contract with competitive salary

  • Flexible compensation package (meal vouchers, childcare, transport tickets)

  • Continuous training on leading technologies

Our Values

Ownership: We take responsibility and make things happen.

Customer First: We obsess over client value and outcomes.

Team Play: We win together.

Ambition: We set bold goals and push boundaries.

Excellence: We aim to be the best at what we do.
