Principal Operational Technology Security Engineer (HYBRID)

About the position

We seek a Principal Security Network Engineer experienced in IT and OT (Operational Technology) systems, specializing in federally regulated domestic industries, including energy (electric oil and gas), maritime, pharmaceutical, chemical, manufacturing/warehousing, and critical municipal infrastructures. The ideal candidate will have a strong background in IEC 62443 cybersecurity standards and protocols and a proven track record in assessing and implementing secure IT/OT network infrastructures within these sectors. This position is Hybrid within a commutable distance to one of our facilities in Andover MA, Beaverton OR, Broomfield CO, Irvine CA, Milpitas CA, or Rochester NY.

Responsibilities

• Develop and execute a comprehensive OT security strategy aligned with industry standards and regulatory requirements.
• Continuously assess and update the OT security strategy to address emerging threats and vulnerabilities.
• Design and implement secure OT architectures and solutions for industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, and other OT assets.
• Ensure that OT systems are designed with security as a fundamental consideration, including network segmentation and access controls.
• Implement and manage security controls and technologies specific to OT environments, such as intrusion detection systems (IDS), firewalls, and network monitoring tools.
• Configure and maintain OT security solutions to detect and respond to anomalies and threats.
• Perform regular vulnerability assessments and penetration testing of OT systems.
• Collaborate with OT teams to remediate identified vulnerabilities and weaknesses.
• Develop and maintain incident response plans and procedures for OT security incidents.
• Lead incident response efforts in the event of security breaches or incidents.
• Provide guidance and training to OT teams on security best practices, including secure configurations and access controls.
• Foster a culture of security awareness within the OT organization.
• Ensure OT environments comply with relevant industry-specific standards and regulations, such as NERC CIP or IEC 62443.
• Collaborate with compliance teams to conduct assessments and audits.
• Maintain detailed documentation of OT security architectures, policies, and procedures.
• Produce reports and recommendations for management and stakeholders.
• Stay current with industry trends, emerging threats, and evolving technologies. Drive continuous improvement in IT and OT network and security solutions.

Requirements

• 8+ years of recent experience supporting network and security projects.
• Proficient in the first four layers of the OSI model.
• Familiarity with IEC 62443 and the Purdue model.
• Proven experience with SCADA, DCS, and ICS systems.
• A proactive individual capable of navigating uncertainty and managing multiple project tasks simultaneously.
• Security: Cisco, Fortinet, F5, Check Point and Palo Alto firewalls, WAF, IDS/IPS and VPN.
• WAN routing solutions: MPLS, SD-WAN with VPN overlays.
• LAN/WAN platforms: Cisco Nexus, ACI, Catalyst, ISR route/switch, Fortinet, Aruba, especially multi-chassis, multi-context, ruggedized, and virtualized systems.
• OT Networking & PLC Vendors: GE, Schweitzer, Schneider, Siemens, Red Lion, Antaira, Hirschmann, Emerson, Phoenix Contact, Moxa.
• Cloud: Azure VNETs, Peering, Virtual Gateway, VLAN, DNS, Load Balancing.
• Authentication Systems: TACACS, RADIUS, LDAP, Cisco ISE, FortiAuthenticator.
• Wireless: Client and point-to-point/multipoint wireless, radio and cellular solutions.

Benefits

• Salary Pay Range: $150k - $175k per year.
• Discretionary annual bonus.
• Comprehensive benefits package including health insurance coverage (medical, dental and vision).
• 401(k) with company match.
• Life and disability insurance.
• 12 paid holidays.
• Sick time.
• 15 paid vacation days.
• 6 weeks fully paid parental leave.
• Adoption assistance.
• Tuition reimbursement.