OT Cyber Security Analyst

We are seeking a highly skilled and experienced OT Senior Cyber Security Analyst to join our dynamic Security Operations team at Thames Water. As the UK's largest water company, we are committed to ensuring the highest level of security and compliance, protecting the critical infrastructure that delivers essential water services to 15 million customers.

In this role, you will be responsible for maintaining SecOps solutions, controls, and processes across the organisation, while mentoring and leading the SOC team to ensure effective management of OT alerts and incidents.

This position requires a deep understanding of SecOps concepts, technologies, and best practices, specifically across IT and OT environments. You will be tasked with ensuring robust incident management, proactive threat detection, and continuous improvement of our security posture. Strong communication and collaboration skills are essential as you will work closely with cross-functional teams to mitigate risks and protect Thames Water's essential services.

What you'll do as an OT Senior Cyber Security Analyst

1. Contextualise OT Specific Threats: Understand the Operational Technology (OT) estate, specific OT threats, and controls in place to mitigate risks. Use tools like Claroty to analyse network traffic and OT hardware limitations, ensuring minimal downtime due to active scans. Build direct relationships with Operations teams to understand and articulate operational and cyber risk.
2. Maintain Security Operations: Maintain effective security operations processes, ensuring continuous improvement across security tools and services. Support an effective security operations environment using tools such as Microsoft Sentinel, SOAR, EDR/XDR, and PAM. Achieve reductions in repetitive alerts and improve the time taken to investigate and resolve incidents.
3. Proactive Risk Remediation: Identify, analyse, and evaluate security risks, applying a risk-based approach to implement appropriate and proportionate controls. Perform proactive activities such as threat hunting to uncover vulnerabilities and ensure continuous risk reduction. Provide tangible metrics to demonstrate risk reduction and reduced technical debt.
4. Incident Readiness & Response: Lead the incident triage and response process, ensuring effective management and remediation of cyber security incidents. Improve incident management by reducing business impacts and the time between incident identification and closure. Ensure the business is regularly educated on incident management procedures and that all staff know how to report cyber security incidents.
5. Continuous Improvement: Drive process improvements to increase operational efficiency, using automation to reduce manual tasks. Demonstrate improvements over time through KPIs, dashboards, and reporting, showing better response times and proactive security measures.

Key relationships and interactions include CISO, Operational Technology Teams, IT Operations, Security Operations Manager, Security Architecture Manager, Cyber Security Programme Manager, Cyber Resilience Manager, Network Operations Manager, Business Change and Engagement, Key Business Stakeholders, and Service Owners.

What you should bring to the role Essential Experience:

• Minimum of 3 years of experience working with technical Cyber Security controls, preferably in an enterprise or critical infrastructure environment.
• Minimum of 3 years of experience in control systems of essential services, including ICS, SCADA, and CNI.
• Exposure to working in or with a security operations centre (SOC).
• Experience in triaging issues and incidents in a structured, disciplined manner.
• Proven track record of remediating cyber risks in dynamic and evolving digital environments.

Essential Technical Skills & Qualifications:

• Ability to simplify complex IT and Security problems for non-technical audiences.
• Strong understanding of OT infrastructure, networking, and end-user computing.
• Proficiency in writing Kusto Query Language (KQL) for creating and tuning SIEM queries and alerts.
• Experience in configuring and troubleshooting MFA, Privileged Access Management (PAM), and Security Information & Event Management (SIEM) systems, particularly Microsoft Sentinel.

Desirable Experience:

• Familiarity with managing network security capabilities such as NAC, Firewalls, Proxies/VPN, IDS/IPS, etc.
• Leadership experience in mentoring and managing a team to deliver operational excellence.

Desirable Technical Skills & Qualifications:

• Degree in Cyber Security, Computer Science, Information Technology, Engineering, or a related field.
• Microsoft SecOps certification(s) such as Microsoft Security Operations Analyst (SC-200, AZ-900).
• Any industry-recognised cyber security certifications, such as CCSP or OT-specific certifications like Clarity Cybersecurity Analyst.

What's in it for you?

Competitive salary up to £65,000 per annum, depending on experience. Annual Leave - 26 days holiday per year, increasing to 30 with the length of service (plus bank holidays). Generous Pension Scheme through AON. Access to lots of benefits to help you take care of your and your family's health and wellbeing, and your finances - from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers, and life assurance.

Who are we?

We're the UK's largest water and wastewater company, with more than 16 million customers relying on us every day to supply water for their taps and toilets. We want to build a better future for all, helping our customers, communities, people, and the planet to thrive. It's a big job and we've got a long way to go, so we need help from passionate and skilled people, committed to making a difference and getting us to where we want to be in the years and decades to come.

Learn more about our purpose and values

Working at Thames Water provides a unique, rewarding, and diverse environment where every day you can make a difference. We offer fast-tracked career opportunities, flexible working arrangements, and excellent benefits. Whether in call centres or science labs, we're looking for passionate individuals eager to make things better.

If you're seeking a sustainable and successful career where you can impact millions and help protect water resources, we'll support you every step of the way. Join us to build a better future for our customers, region, and planet.

Our commitment to diversity and inclusion means we welcome all applications and provide support throughout the recruitment process. We aim to remove barriers to success; if you need assistance, we're here to help. Additionally, as part of Team Thames, you can volunteer to support our customers on the frontline, with full training provided, offering a rewarding experience and opportunities to learn more about our business.

Disclaimer: Due to high application volume, we may close the advert early. We encourage you to apply promptly to avoid missing out.