OT Cyber Solution Architect
Role details
Job location
Tech stack
Job description
We are seeking a reliable, approachable, responsive, and hands-on OT Cyber Solution Architect to take complete technical ownership of a major Zero Trust architecture rollout. The successful contractor will be responsible for owning the design and implementation lifecycle across a complex, safety-critical Operational Technology (OT) environment
You will lead dedicated OT teams and Subject Matter Experts (SMEs), providing clear technical and design direction while ensuring that all solutions are practical, deployable, and heavily aligned with operational and plant-floor constraints.
Key Deliverables and Accountabilities
You will own the complete Zero Trust architecture and design lifecyclefrom initial requirements gathering and POCs to roll-out, deployment, and eventual BAU transition.
Your key outputs will include:
- High-Level Designs (HLD) and Low-Level Designs (LLD) for a secure, scalable, and resilient OT security fabric.
- Comprehensive Testing Plans and Strategies.
- Change Impact Assessments to ensure safe, non-disruptive deployment in safety-critical industrial environments.
Program Workstreams and Technical Scope
The deployment spans across a heavily federated estate and is broken down into three core technical workstreams:
- Network Access Control (NAC)
- Technology Stack: FortiNAC.
- Objectives: Implement NAC (802.1X) across Layer 2 switches to achieve robust device authentication, posture checking, and dynamic access control/segmentation without disrupting active operations.
- Endpoint Detection and Response (EDR)
- Technology Stack: SentinelOne (for air-gapped endpoints) and Microsoft Defender for Endpoint (MDE) (for internet-exposed endpoints).
- Objectives: Deploy behavior-based threat detection safely within highly constrained, legacy OT hardware environments.
- Network Detection and Response (NDR) + OT Visibility
- Technology Stack: Claroty + FortiGate + FortiGuard + FortiNAC.
- Objectives: Establish comprehensive perimeter threat detection, continuous visibility, and native SOC integration.
Requirements
- OT Security Expertise: Proven track record as a Cyber Security Architect working natively within safety critical industrial environments (e.g., Utilities, Water, Energy, Oil and Gas, or Rail).
- Lifecycle Ownership: Direct experience writing production-grade HLDs and LLDs, alongside conducting successful Proof of Concepts (POCs) for security tooling.
- Tooling Mastery: Deep architectural knowledge of at least two of the primary stack components: FortiNAC, Claroty, SentinelOne, or Microsoft Defender for Endpoint (MDE).
- Framework Alignment: Strong understanding of OT network security segmentation principles (Purdue Model) and industrial standards such as IEC 62443 or the NCSC CAF.