Operational Technology (OT) Networking Engineer

OT Networking Engineer

Core Networking Skills: L2/L3 switching & routing: STP/RSTP/MSTP, EtherChannel/LACP, VLAN, ACLs, HSRP/VRRP, OSPF, BGP, QoS. Hands-on with Cisco/Juniper/Aruba/HPE networking; Palo Alto/Fortinet/Cisco firewalls. DNS/DHCP/NTP/IPAM/syslog; packet tracing with Wireshark. OT/ICS Skills: Knowledge of Purdue Model, ICS/SCADA architecture, IT–OT DMZ, historian connectivity. Experience with Modbus, Profinet, EtherNet/IP, OPC UA, DNP3 & serial-to-IP transitions. Operational Excellence: ITIL-based incident/change/problem management. Experience with vendor/OEM coordination and plant shutdown activities. Preferred Certifications: Networking: CCNP, JNCIP, PCNSA/PCNSE, Fortinet NSE 4–7, Network+. OT/Security: GICSP, ISA/IEC 62443 certifications, CISSP/SSCP (ICS knowledge). Soft Skills: Excellent stakeholder management with plant operations, OEMs, and IT/OT teams. Strong documentation, communication, and structured troubleshooting ability. Ownership mindset and willingness to support production-critical events. Cloud/SD-WAN: Azure Network Engineer, AWS Advanced Networking, Viptela/Prisma/Fortinet SD-WAN. Network Design & Implementation: Architect and deploy L2/L3 networks across IT–OT zones (Access/Distribution/Core) following the Purdue Model (Levels 0–5). Configure VLANs, VRFs, ACLs, OSPF, BGP, Static Routing, NAT, micro/macro segmentation, and IT–OT DMZ solutions. Implement and manage firewalls: Palo Alto, Fortinet, Cisco ASA/FTD, App-ID, security profiles, and threat prevention. Build resilient connectivity for SCADA, PLCs, RTUs, HMIs, Historians, Industrial IoT gateways with redundancy, QoS, and TSN. Deploy secure remote access via VPN, jump servers, bastion hosts for OEMs/service partners. Operations, Monitoring & Troubleshooting: Use NMS and OT monitoring tools (SolarWinds, PRTG, Zabbix, Nozomi, Claroty) for performance monitoring and threat detection. Troubleshoot L2/L3 issues, packet flows, ICS communication using Wireshark/tcpdump. Maintain HLD/LLD, network diagrams, IPAM, runbooks, and RACI documentation. Drive ITIL-based incident, problem, change management and RCA for network/plant outages. OT & Industrial Protocols: Support and secure Modbus/TCP, Profinet, EtherNet/IP, OPC UA, DNP3, BACnet, IEC 104/61850. Implement protocol-aware filtering, segmentation, and allowlisting for ICS assets. Collaborate with plant operations, OEMs, SI partners for SCADA/DCS/PLC/RTU migrations and upgrades. Compliance: Apply IEC 62443 (zones/conduits, SLs, patching, access control, logging). Implement IDS/IPS, NAC (802.1X), secure configs, and firmware governance. Support audits, vulnerability assessments, NIST CSF, ISA-99, ISO 27001 OT controls. Cloud & Edge: Connect OT data securely to Azure/AWS/GCP, edge gateways, data lakes. Configure Azure ExpressRoute, AWS Direct Connect, SD-WAN policies, zero-trust architectures.