OT Cybersecurity Engineer
Job Description
Onsite OT/ICS cybersecurity engineer responsible for auditing, designing, and implementing OT cybersecurity controls across global ICS/OT environments, leading risk assessments, monitoring, and threat detection to protect data center operations.
Responsibilities
- Collaborate with the Senior OT Cybersecurity Engineer to represent OT cybersecurity regionally, participating in meetings with site operations, vendors, and internal stakeholders to drive consistent OT cybersecurity practices.
- Implement and manage Secure Remote Access (SRA) and Privileged Access Management (PAM) solutions to control and monitor third-party access to critical OT environments.
- Perform OT asset discovery, inventory management, and risk classification using OT monitoring platforms; support the deployment and configuration of ICS/OT IDS solutions.
- Conduct vulnerability assessments on OT assets and coordinate remediation with Automation Systems, Site Operations, Network, and Cyber Security teams.
- Support integration of OT security monitoring into SOC workflows, including alert tuning and playbook development.
- Coordinate with data center teams to ensure cybersecurity controls do not impact uptime or operational resilience.
- Conduct cybersecurity assessments of products and technologies considered by Data Center teams prior to adoption and deployment.
- Perform OT Cybersecurity Risk assessments against best practices and industry frameworks (ISA/IEC 62443, NIST SP 800-82, NIST CSF) and participate in audits.
- Implement and support OT cybersecurity monitoring and analytics tools to improve threat detection, threat hunting, and forensic investigations.
- Assess criticality of OT systems and evaluate potential operational impacts of failures or cyberattacks to inform resilient OT architecture design.
- Research, develop, operationalize, evaluate, and improve OT defensive TTPs for detecting and responding to cyber threats.
- Research and develop OT Cyber Resiliency solutions, including OT/ICS SCADA cyber defense architectures.
- Collaborate with other departments to review network architectures and ensure security best practices are utilized.
- Engage with vendors to ensure detailed diagrams, procedures, and deployment plans are created and maintained for each deployment.
- Maintain and create documentation as needed and represent the Cybersecurity team in meetings with clients' vendors and stakeholders.
- Stay informed about industry trends, threats, and tools to support enterprise security.
- Perform ad hoc duties to support the company’s security goals.
Requirements
- 5 to 10 years of experience in OT cybersecurity.
- Hands-on experience deploying and configuring OT security solutions in an OT environment.
- Design and implementation experience for IDS, SRA, network segmentation, firewalls, and endpoint security.
- Experience with Building Management Systems (BMS), Electrical Power Management System (EPMS), SCADA platforms, and PLC platforms (Siemens, Schneider, Rockwell).
- Familiarity with industrial protocols (Modbus, DNP3, BACnet, OPC, S7, CIP) and passive OT monitoring solutions (Tenable, Nozomi, Claroty).
- Experience with firewalls (IDS/IPS/DPI/WAF/Web Filter/App Control), networking environments (routing, switching, VLANs, security, wireless), SIEM, SOAR, and XDR.
- Knowledge of Windows and Linux server architectures in IT/OT environments, plus cloud and virtualization platforms supporting OT workloads.
- Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related field, or 4 additional years of engineering experience (military/public/private sectors).
- 3 years of experience performing cybersecurity risk assessments in IT/OT environments.
- Strong understanding of cybersecurity frameworks for ICS/OT environments and OT network protocols/topologies.
- ISA/IEC 62443 certificates are preferable; related certifications such as GICSP, GRID, CIP, CISSP, CompTIA Security+, CompTIA Network+, or CISM are preferred.
- Understanding of MITRE ATT&CK for ICS or NERC CIP frameworks; familiarity with NIST SP 800-61 Rev. 2, 800-82; PERA; ISO/IEC 27001/27002, NIST CSF, and NIST SP 800-53.
- Demonstrated project and program management skills; strong Excel proficiency; excellent written and verbal communication.
- Travel expectations: < 20% initially, potentially higher during construction projects; available outside standard hours as required.
Technologies
- Secure Remote Access (SRA), Privileged Access Management (PAM)
- Building Management Systems (BMS), Electrical Power Management System (EPMS), SCADA
- PLC Platforms (Siemens, Schneider, Rockwell); Modbus, DNP3, BACnet, OPC, S7, CIP
- Passive OT monitoring tools (Tenable, Nozomi, Claroty)
- IDS/IPS/DPI/WAF/Web Filter/App Control, Routing, Switching, VLANs, Security, Wireless
- SIEM, SOAR, XDR; Windows and Linux servers; Cloud and virtualization platforms
Benefits
- Health insurance including medical, dental, and vision
- Life and AD&D insurance
- Short-term and long-term disability insurance
- Paid time off
- Employee assistance program
- 401k with company match
- Additional voluntary benefits
Additional Preferred Requirements
- Networking certifications (e.g., CCNA, CCNP)
- Security certifications such as CISSP, CompTIA Security+, CompTIA Network+, or CISM
- SANS certifications (GICSP, GIAC GRID, GCIA, GNFA, etc.)
- Certified SCADA Security Architect (CSSA)
- Data center experience strongly preferred
Physical Demands and Special Requirements
- Occasional standing, walking, sitting, and use of hands to handle objects; reaching with hands and arms; climbing stairs; balancing; stooping or kneeling; talking and hearing
- Occasional lifting and/or moving up to 25 pounds
Additional Details
- Salary Range: 110,000 to 120,000 USD base with bonus potential; varies by location
- Eligible for full benefits package including medical, dental, vision, life, disability, PTO, 401k match
- Compensation may exceed the stated range based on qualifications and experience
- Employment classification: on-site; hybrid arrangements may apply