OT SOC Engineer OT Cyber Security · Basingstoke ·

Purpose of Role

You will be working in the OT SOC team and will report directly into the OT Cybersecurity Services Lead (Line Manager). The role will be focused on the day‑to‑day monitoring of the OT service platform(s) and any other required security applications. You will be the first line of support for clients who have existing support services. The standard working hours for this role are Monday to Friday, 9:00 AM to 5:30 PM. In addition, you will participate in an on‑call rotation on a 1‑in‑4 basis. On‑call duties fall outside your regular working hours and run from Monday at 9:00 AM through to the following Monday at 8:59 AM.

Key Responsibilities

• Continuous / Proactive monitoring of OT security tools (e.g., Nozomi, Fortinet, TXOne) for alerts and anomalies.
• Acknowledge, analyse and validate alerts triggered from the OT security tools to reduce false positives and elevate genuine incidents.
• Proactively collaborate with internal Axians engineers and customers to assess operational and BAU alerts, establishing baselines to minimise unnecessary noise within OT service security tools.
• Triage, investigate, and respond to security incidents, performing root cause analysis and taking steps to mitigate the threat.
• Take immediate action on potential and identified cyber security incidents in accordance with agreed SLA’s and KPI’s.
• Proactively research emerging threats and vulnerabilities to find and address potential weaknesses before they are exploited.
• Identify potential weaknesses in systems and networks and suggest or help implement preventative measures like firewalls or improved access controls.
• Escalate incidents to Level 2 OT SOC or OT Cybersecurity Engineers as per service documentation (i.e. Playbooks or Alert/Incident Management processes).
• Adhere to all internal service‑related processes such as Alert & Incident Management processes.
• Assist with the creation of processes as and when required and to have these align with existing processes.
• Document incident reports including actions taken in SOC Ticketing systems.
• Analyse data from logs, network traffic, and forensics to create detailed reports on findings and lessons learned. To be utilised in daily / weekly SOC reports for OT Environments.
• Management and ownership of service‑related documentation such as knowledge bases and playbooks.
• Provide training to additional or new members of the Business Unit as and when required.
• Assist with liaising with manufacturers or tool set providers regarding product or toolset specific issues.
• Prepare, maintain, and adhere to procedures for logging, reporting, and statistically monitoring data as directed.
• Ensuring time is accurately logged against client work, for billing purposes.
• Identify new technology opportunities to enhance the product and service portfolio.
• Respond to emergency outages in accordance with business continuity and disaster recovery plans.
• Adopt a proactive approach towards all client activities.
• Collaborate with all the Technical Service departments when required to ensure business objectives are met.
• Support delivery of projects with chosen technologies as and when required.
• Own personal training plan that is put in place with line manager.
• Highlight areas for improvement to supervisor where applicable.
• Ensuring adherence to Axians’ Management System Manual for Quality (ISO 9001), InfoSec (ISO 27001) and ESG (ISO 14001).
• Follow established OT security procedures aligned with IEC 62443, NIST CSF, and company policies.
• Translate complex technical threats into clear business risks for management and collaborate with GRC (Governance, Risk, and Compliance) teams.
• Work with other SOC analysts, technical teams, and stakeholders to coordinate responses and share information.
• Provide input on and help optimise security tools, such as EDR/XDR and SIEM platforms.
• Expectation to assist with other tasks requested by line manager.

Desired Skills / Qualifications / Experience

• Degree in Cybersecurity or similar.
• Experience with Cyber Security Monitoring tools.
• Experience working in an IT Support or Security/SOC team.
• Experience working in an OT environment.
• Understanding or knowledge of devices specific to an OT environment.
• Understanding of OT specific legislations or regulations such as IEC62443.
• Basic understanding of ICS/SCADA systems and OT network architecture.
• Common OT protocols (Modbus, DNP3, OPC).
• Experience/Understanding of SIEM/SOAR solutions and OT‑specific monitoring platforms (e.g., Nozomi Vantage).
• Knowledge of network environments (routing/switching/VLANS/Security/Wireless/etc.).
• Knowledge of Firewalls (IDS/IPS/DPI/WAF/Web Filter/App Control).
• Knowledge of security concepts (CIA/MITRE ATT&CK Framework/Vulnerabilities).
• Knowledge of cybersecurity fundamentals (CIA triad, threat vectors).
• Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
• CompTIA Security+ / CySA+ or similar.
• Vendor Certifications – Cisco, Nozomi, Fortinet.
• Knowledge of scripting – Python, Powershell, Perl desirable.
• Drive to work off own initiative.
• Ability to work in a fast paced, changing environment.
• Understanding of ticket management systems and SLAs.
• Strong analytical and problem‑solving skills.
• Ability to follow structured service‑related documents such as Alert & Incident response playbooks.

Personal Attributes

• Must be self‑motivated with a positive can‑do attitude.
• Must be able to work un‑supervised, on own initiative as well as within a team.
• Must be a logical thinker.
• Must remain calm under pressure.
• Be confident in both spoken and written communications.
• An excellent problem solver with strong analytical skills.
• Must stay up to date with the latest security trends, threats, and technologies and to report and communicate these to the technical teams.
• Can meet deadlines and maintain high standards even when under pressure.
• Must have understanding and appreciation to rigid process adherence.
• Must be willing to take on the unknown with the desire to learn.
• Must hold full driving licence valid in UK.
• Ability to work as part of a team but virtually at times due to remote and solo working.
• Must attend the office workplace as and when requested.

Value Demonstration: Consistently embody and demonstrate Axians’ UK core values— Trust, Solidarity, Responsibility, Entrepreneurial Mindset and Autonomy —in all interactions and behaviours, both internally and externally.

Salary & Benefits

• Salary is based on experience and location.
• Company Shares Scheme
• Pension
• Medical Insurance
• Financial Planning Support
• Death in Service
• Medicash Healthcare Cash Plan
• Permanent Total Disability Insurance
• Enhanced Maternity/Paternity/Adoption Pay
• Company Sick Pay
• Hybrid Working
• Investment in personal and professional training
• Professional Memberships
• Health checks
• Wellbeing training and support
• Employee Assistance Program
• Flu jabs
• Eyecare
• Paid holiday

Work Environment

Axians is a fun and growing business both in the UK and globally. We are part of a network of businesses where you can learn from and work with peers worldwide to help you achieve your ambitions. Supporting our employees and customers is at the heart of who we are. This means we can support a hybrid work environment, but we always work best in teams in person, either in our offices or on customer sites.

About Us

Axians UK is a technology services partner that delivers transformative solutions to accelerate our customers’ ambitions in today’s ever‑changing world. Whether they need tried‑and‑tested platforms or cutting‑edge innovation, we commit to customer excellence and invest in long‑term thinking. The strength of Axians’ global network as part of VINCI Energies means our customers can rely on our incredible people to deploy technology that achieves critical operational outcomes, wherever you are and whatever your need.