OT Cybersecurity Architect

About The Position

Requirements

• Minimum of 8–10 years of experience in cybersecurity, with at least 4+ years dedicated explicitly to OT/ICS cybersecurity architecture or engineering.
• Bachelor’s degree in Electrical Engineering, Computer Engineering, Computer Science, or a related technical field (or equivalent practical experience).
• Proven experience working within large-scale, heavy industrial environments (e.g., manufacturing, pharmaceuticals, utilities, chemicals, or oil & gas).
• Deep understanding of proprietary and open industrial protocols (e.g., Modbus, Profinet, EtherNet/IP, DNP3, OPC UA).
• Expert-level knowledge of ISA/IEC 62443, ISO 27001, NIST SP 800-82, and the Purdue Model.
• Proven ability to architect defense-in-depth approaches around legacy, unpatchable operating systems and embedded firmware without disrupting deterministic operations.
• Experience designing zero-trust or secure multi-factor remote access solutions for internal engineers and third-party OEMs.

Nice To Haves

• SANS GIAC: GICSP (Global Industrial Cyber Security Professional), GRID (GIAC Response and Industrial Defense), or GCIP.
• ISA/IEC 62443 Cybersecurity Design/Expert.
• CISSP (Certified Information Systems Security Professional) with a strong portfolio of physical site experience.
• Demonstrated proficiency in cloud-native architectures utilizing MQTT and other Pub/Sub methodologies.

Responsibilities

• Define OT Security Architecture: Design, maintain, and govern a secure, standardized global OT cybersecurity architecture utilizing the Purdue Model and ISA/IEC 62443 frameworks.
• Network Segmentation: Design robust Industrial Demilitarized Zones (iDMZs), firewalls, and micro-segmentation strategies to securely separate IT enterprise networks from the OT environment.
• Technology Roadmap: Evaluate, select, and architect OT-specific security tools (e.g., asset discovery, passive network monitoring, endpoint protection for legacy systems, and industrial SIEM/SOC integration).
• Governance & Standards: Establish and maintain enterprise-wide OT security governance and standards for Programmable Logic Controllers (PLCs), SCADA systems, Distributed Control Systems (DCS), Human-Machine Interfaces (HMIs), and other operational technologies relevant to manufacturing.
• Bridge the IT/OT Divide: Act as the trusted liaison between Corporate IT/Security teams and Plant Engineering/Operations teams. Translate complex cyber risks into operational impacts for leadership.
• Architecture Review Board (ARB): Lead architectural cyberstrategy and review for all projects affecting OT assets, guarding against unmitigated threats to manufacturing uptime or changes that violate defined cybersecurity policies and safety protocols.
• Vendor Management: Partner with major automation vendors to ensure third-party systems and remote access connections comply with corporate security architecture.
• Risk Assessments: Lead threat modeling and vulnerability assessments across disparate manufacturing sites, prioritizing remediation based on operational risk and safety impacts.
• Incident Response Integration: Partner with the Enterprise Security Operations Center to architect OT-specific logging, monitoring, and incident response playbooks that respect the realities of a live production environment.

Benefits

• medical, dental, and vision insurance
• paid time off
• retirement savings
• opportunities for professional development