Senior OT Network Architect

Responsibilities

Architecture & Design

• Design and implement a segmented OT network architecture transitioning from flat Layer 2 networks to SD-WAN-enabled, zone-based architectures.
• Define network segmentation strategy (ISA/IEC 62443 zones and conduits model) to isolate critical OT assets and control east-west traffic.
• Engineer ring and/or resilient topologies across substations and core OT sites to ensure deterministic communication and fault tolerance.
• Develop SD-WAN design standards including:
  • Underlay/overlay architecture
  • Path selection policies (latency, jitter, packet loss)
  • QoS for ICS protocols (e.g., DNP3, Modbus, IEC 61850)

Security & Compliance

• Develop and enforce OT-specific cybersecurity controls, including micro-segmentation, firewall zoning, and least-privilege access.
• Define and implement firewall policies to restrict inter-zone communication and prevent unauthorized access to OT systems.
• Conduct risk and vulnerability assessments aligned with OT threat models (ransomware, lateral movement, supply chain risks).
• Ensure compliance with NERC CIP standards and other applicable frameworks.

Implementation & Operations

• Lead deployment of SD-WAN solutions across OT sites, including integration with existing switching infrastructure (e.g., industrial-grade switches).
• Configure and maintain high availability mechanisms:
  • Redundant paths and failover (active/active or active/standby)
  • Rapid spanning tree / ERPS / MPLS-TP where applicable
• Support incident response and root cause analysis for OT network disruptions.
• Manage projects and deliver on time with periodic status reports to management.

Qualifications

Basic Qualifications

• 10+ years of experience in network design and architecture, preferably in OT environments.
• Experience with industrial protocols (e.g., Modbus, DNP3, OPC, Ethernet/IP).
• Familiarity with IT/OT convergence principles.

Desired Skills

• Strong understanding of networking concepts, including routing, switching, and firewall configurations.
• Proficiency in network monitoring and management tools.
• Knowledge of cybersecurity best practices for OT networks.
• Experience with industrial control systems (ICS) and SCADA systems.

Minimum Technical Experience

• Knowledge of design, configuration, installation, testing, and maintenance of local and wide area computer wired and wireless networks (Cisco Systems preferred).
• Knowledge of computer network characteristics, network operating system software, and network components
• Troubleshooting skills and the ability to diagnose/resolve network system problems.
• Ability to interpret and apply complex technical manuals and reference materials.
• Ability to assist with developing network security and related procedures; and performing network management activities.

Education Requirements

• Bachelor’s degree in computer science, computer networks, or a related field.
• Certification in related fields (CCNA, CCNP) required. Security and Cisco Certified Internetwork Expert (CCIE), and experience in Extreme network switches is a plus.