OT Detection Engineer
Fox-IT
Posted on May 30, 2026
Our Global Detection Engineering Team provides detection capabilities for various security products used in our 24/7 managed monitoring service with customers all over the world. In this role you will join our detection engineering team, where you will focus on developing the best detections for OT environments utilizing our Network Sensor, supporting our NDR for OT service. You will use our latest Threat Intelligence and your own creativity to write and maintain detection logic for our customers. Previous experience with detection engineering is not a prerequisite. We're looking for a wide range of backgrounds for potential candidates; the exact responsibilities of any candidate can be tailored to their experience and skillset. Any candidate that only partially matches the skillset is encouraged to apply.
The Opportunity:
- Develop, validate, tune and optimise network sensor detection logic specific to OT environments.
- Integrate network telemetry into SIEM and SOAR platforms.
- Support client facing teams in network sensor deployments and configuration baselines.
- Write and maintain detection test cases.
- Review findings of TI, CERT, and Red Team activities and evaluate from a detection engineering improvement perspective.
- Department: Cyber Services and Capabilities
- Employment Type: Permanent
- Location: NLD Rijswijk
- Workplace type: Hybrid
Key Responsibilities
- Researching data sets and potential IOCs for distribution.
- Running tools/techniques to get data.
- Researching log sources and data sets.
- Writing rules and alert logic.
- Writing test processes and procedures for the logic.
- Monitoring test output and bug fixing.
- Monitoring the system & data health.
- Add global filters to detection logic based on operational feedback.
- Deploy new analytics to existing customers using our deployment pipeline(s).
- Ensuring work is up-to-date or tracked.
Skills, Knowledge & Expertise
Minimum Requirements
- Proven experience with and understanding of industrial environments and protocols (such as, but not limited to: Modbus, S7Comm, S7Comm+, BACnet, Profinet, DNP3, OPC, MQTT).
- Proven experience and general understanding of detection engineering, tuning and optimization of detection logic with Suricata, Zeek or vendor platforms (such as Dragos, Nozomi, Claroty, Armis or Darktrace).
- Proven experience in SOC or Managed Detection Services
OR
- Proven experience in Analytically-minded IT Systems administration/Network Administration and looking for a change in career/focus on Security
- Excellent oral and written communication skills in English
- Ability to work with client engagement teams and NCC colleagues to continuously improve the service we deliver
- Good understanding of IT Systems and platforms from a security context
Desired Requirements:
- A security mindset and demonstrable experience or knowledge of the contemporary attack tactics and techniques specific for OT environments.
- Forensics or Incident Response competency would be considered valuable.
- Strong knowledge of the latest threats in security or is eager to build this knowledge.
- Experience with simulating attacks. Certificates such as CEH and OSCP are not required but are a plus.
- Experience with network detection tools, preferably Zeek, Suricata, Nozomi, Claroty, Armis or Dragos.
- Experience with Scripting languages such as PowerShell, Python, Bash.
- Experience with version control (Git, Azure DevOps, etc.).
And has knowledge of one or more of the below:
- Networking fundamentals.
- ICS/SCADA
Job Benefits
- Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
About NCC Group
We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe.
With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.
We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.
Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.
If you do not want us to retain your details, you can utilise the Manage Your Data tool provided by Pinpoint or contact us directly at: global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Notice.
We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.
Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.

