ICS / OT Team Lead (MDR) (m/w/d)

Are you already experienced in the world of security and would you like to develop yourself technically and in your career? At NVISO you have the opportunity and we look forward to getting to know you!

Who are we?

It all starts with the mission: NVISO is here to protect European society from potentially devastating cyber attacks! This means we offer cyber security services to private and governmental organizations to help them better prepare for, prevent, detect and respond to cyber security incidents.

All of this is built on four fundamental values that define who we are: We are Proud, We Break Barriers, We Care and No BS! 

What will you do?

You have a strong interest in cyber security and believe the following to be applicable to you?

As the MDR for ICS / OT Team Lead (m/w/d), you will report to the Head of Managed Security Services and lead a team of ICS / OT focused Security Analysts. You will focus on the following activities:

Leadership and Team Management:

  • Lead, mentor, and grow a team of SOC analysts;
  • Ensure team adherence to best practices in ICS / OT security monitoring and incident response;
  • Foster a culture of continuous learning and improvement.

Operational Excellence:

  • Oversee the daily operations of the SOC team, ensuring effective monitoring, detection, and response to threats in industrial environments. As the team lead, you will also focus on adherence to and reporting of Service Level Agreements (SLAs);
  • Develop and refine SOC processes and procedures specific to ICS / OT;
  • Collaborate with stakeholders to understand unique industrial control systems and tailor SOC services accordingly.

Threat Intelligence and Analysis:

  • Together with NVISO’s detection engineering team, maintain up-to-date knowledge of emerging threats and vulnerabilities in the ICS / OT space;
  • Guide the team in advanced analysis of security incidents and provide expert insights.

Client Engagement and Communication:

  • Act as the primary point of contact for clients regarding SOC services;
  • Prepare and present reports on security posture, incidents, and improvements.

Technology and Tool Proficiency:

  • Ensure the team is proficient with both typical SOC technologies (SIEM, EDR, SOAR,…), but also with specific ICS / OT monitoring tooling (e.g. Nozomi, Claroty, Defender for IoT,…);
  • Work closely with the SOC Analysts and SOC Engineering teams to ensure the efficacy of deployed detections in the monitored environments;
  • Analyse alert statistics to reduce false positives and maintain the alert queue of the SOC at healthy levels;
  • Design automation playbooks to enrich alerts, properly triage and remediate security incidents and contribute to multiple phases of the alert’s lifecycle;
  • Maintain and expand the existing tooling for automating tedious day-to-day tasks;
  • Design procedures and workflows within the team with a scale up mentality.


We understand we are looking for a bit of a unicorn here. If you only meet a few of the requirements below, but are motivated and intrigued by the job, please do still reach out!

  • You are eligible for a NATO clearance;
  • Completion of a Bachelor’s degree or equivalent program in Computer Science, Computer Engineering, Electrical Engineering, Network Security, Information Security, Information Technology, or Mathematics (or equivalent work experience);
  • Knowledge and experience of OT / ICS systems (SCADA, DCS, PLC, EMS, etc.);
  • Knowledge of OT cybersecurity standards and frameworks (IEC ISA 99/62443, NIST SP 800-82, NIST CSF, ISO27001, etc.);
  • 5+ years of experience with at least 2 years in cyber security for ICS / OT environments. Previous experience in a SOC environment is a plus;
  • Certifications: GCIA, GCIH, GNFA, GRID, or similar certification preferable but not required;
  • Experience with ICS / OT monitoring technologies such as Nozomi, Claroty and Defender for IoT;
  • Excellent communication and interpersonal skills.

What do we offer

At NVISO, we care. We are committed to offering you a highly competitive remuneration package including financial and non-financial components:

  • Working and learning from the best people in the European cyber security industry. We have multiple SANS Instructors working at NVISO, our staff has presented at popular hacking conferences (BlackHat, BruCON, OWASP, etc) and all of our technical staff can acquire deep technical security certifications (GSE, GXPN, GREM, GCFA, OSCP, etc);
  • A training budget of 10,000 EUR plus 10 days paid time off rolling over two years;
  • Regular team-building and fun events with legendary off-site events once a year. The location of the next team building is one of the most closely guarded secrets at NVISO… We can however disclose that we’ve visited Lisbon, Dubai and Malta over the past few years;
  • Our commitment to coach and counsel you and help you grow; each employee receives a personal coach within the team, whose role is to ensure your well-being and helps you grow in your career!
  • Flexible working hours and home office possibilities;
  • Reimbursement of public transfer ticket + BahnCard50 1st class;
  • BusinessBike Leasing;
  • Working abroad options;
  • 30 holidays.


Rue Guimard 8 1000 Brussels +32 2 318 58 31
Holzgraben 5 60313 Frankfurt am Main Machtlfinger Str. 21 81379 München +49 69 9675 8554
Am Euro Platz 2
 (Euro Plaza 4) 
1120 Wien+43 1 717 28 466
Feidiou 9 10678 Athens+30 211 955 7637