Operational Technology (OT) Cyber Threat Analyst
Description
RMC is seeking an Operational Technology (OT) Cyber Threat Analyst for a full-time in-office position in San Antonio, TX!
Position Summary
The OT Cybersecurity Analyst supports the protection and resilience of critical infrastructure environments through threat intelligence analysis, security monitoring, incident response, and vulnerability assessment activities focused on Operational Technology (OT) and Industrial Control Systems (ICS).
Essential Functions
Monitor, collect, and analyze cyber threat intelligence from open-source, commercial, and government feeds (ISACs, CISA, sector-specific advisories) with specific focus on threats targeting critical infrastructure sectors (energy, water, transportation, manufacturing)
Assess threat actor TTPs (Tactics, Techniques, and Procedures) relevant to ICS/SCADA environments using frameworks such as MITRE ATT&CK for ICS and the Purdue Model
Produce timely, actionable threat intelligence reports tailored to both technical and executive audiences
OT/ICS Security Monitoring
Perform continuous monitoring of OT/ICS network environments, including SCADA systems, PLCs, RTUs, HMIs, and historian servers, for anomalous or malicious activity
Analyze network traffic, asset telemetry, and security events across IT/OT boundaries using OT-aware tools (e.g., Claroty, Dragos, Nozomi Networks, Tenable OT)
Identify and document Indicators of Compromise (IoCs) and Indicators of Attack (IoAs) specific to industrial control system environments
Incident Detection, Response & Support
Triage, investigate, and escalate security incidents in accordance with client incident response plans and sector-specific regulatory requirements
Support containment, eradication, and recovery activities for cyber incidents affecting OT/ICS environments, with acute awareness of operational safety and uptime constraints
Maintain detailed incident timelines, chain-of-custody documentation, and post-incident lessons-learned reports
Vulnerability & Risk Assessment
Conduct vulnerability assessments of OT assets, applying risk-based prioritization that accounts for operational impact, compensating controls, and the consequences of patching in live industrial environments
Map identified vulnerabilities to threat actor capabilities and likelihood of exploitation to support client risk decisions
Track remediation efforts and validate closure of identified findings
Client Engagement & Reporting
Serve as a day-to-day technical point of contact for assigned clients, delivering regular briefings on threat landscape changes, incident status, and security posture
Develop and maintain client-specific threat profiles, asset inventories, and sector risk assessments
Communicate findings clearly and professionally across technical, operational, and executive stakeholder levels
Regulatory & Standards Compliance Support
Support clients in understanding and meeting cybersecurity obligations under relevant frameworks and regulations, including NERC CIP, NIST SP 800-82, IEC 62443, TSA Security Directives, and AWIA 2018, as applicable by sector
Assist in the development and review of OT security policies, procedures, and security plans
Collaboration & Intelligence Sharing
Coordinate with government partners, sector ISACs (E-ISAC, WaterISAC, MS-ISAC), and peer organizations to share and receive actionable threat information
Collaborate with internal red team, engineering, and advisory practice staff to integrate findings into broader client security programs
Participate in tabletop exercises, drills, and wargames simulating OT-targeted attack scenarios
Continuous Improvement
Stay current on emerging OT/ICS threats, vulnerabilities, and adversary campaigns through ongoing research, training, and industry engagement
Contribute to the firm’s internal knowledge base, playbooks, and methodology development
Pursue and maintain relevant certifications (GICSP, GRID, CISA, GCIH, or equivalent)
Requirements
Education & Experience Requirements: Bachelor’s degree and 4-10 years of experience in the industry
Desired Certificates & Licenses: Security+, CISSP, GICSP
Other Requirements: Security Clearance (Optional), Valid Passport, Travel Flexibility, Telecommunication Authorization
Reasonable Accommodations Statement: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.