L3 OT SME; m/f/d
We are seeking a highly experienced Level 3 OT SME to serve as the ultimate technical authority for Operational Technology environments, including ICS, SCADA, DCS, PLCs, RTUs, and converged IT/OT networks.
Key Responsibilities
- Act as the final escalation point for unresolved L1/L2 incidents, conducting advanced diagnostics, forensic analysis, and root‑cause investigations on OT systems, protocols, and anomalies.
- Lead complex troubleshooting and resolution of critical OT issues, including rare failures, intermittent problems, protocol‑level defects, or multi‑system interactions that impact safety or production.
- Design and architect OT network topologies, segmentation (per Purdue Model), security controls, and resilience strategies aligned with ISA/IEC 62443, NIST SP 800-82, NERC CIP, and other standards.
- Perform advanced threat hunting, vulnerability research, and risk assessments tailored to OT/ICS environments; develop custom mitigation strategies for zero‑days or high‑severity threats.
- Collaborate with vendors (e.g., Rockwell, Siemens, Schneider, Honeywell) on deep technical escalations, patches, firmware updates, and custom configurations.
- Lead incident response for major OT events, including post‑incident reviews, forensic preservation, and improvement recommendations.
- Develop advanced playbooks, standards, reference architectures, and automation/scripts for OT monitoring, patching, and recovery.
- Mentor L1/L2 teams, provide cross‑training, and contribute to knowledge transfer and continuous improvement programs.
- Participate in strategic initiatives such as IT/OT convergence projects, zero‑trust implementations, and regulatory audits/compliance efforts.
- Serve as the primary OT technical liaison for audits, executive briefings, and cross‑functional projects involving engineering, operations, and cybersecurity.
- Bachelor's or Master's degree in Electrical/Industrial Engineering, Computer Science, Cybersecurity, or related field (or equivalent extensive experience).
- 8–12+ years of hands‑on experience in OT/ICS environments, industrial automation, SCADA/DCS engineering, or critical infrastructure protection.
- 4+ years in advanced/support/escalation roles (L2 or higher), with proven track record resolving the most complex OT issues.
- Deep expertise in industrial protocols (Modbus TCP/RTU, DNP3, OPC UA/DA, Profinet, EtherNet/IP, IEC 61850, etc.) and their security implications.
- Extensive knowledge of Purdue Enterprise Reference Architecture (PERA), DMZ design, network segmentation, and IT/OT convergence challenges.
- Proficiency with OT‑specific tools (e.g., Nozomi, Claroty, Dragos, Tenable OT, industrial IDS/IPS) and general forensics/log analysis tools.
- Strong understanding of OT cybersecurity frameworks (ISA/IEC 62443, NIST CSF 2.0, NIST SP 800-82r3) and regulatory requirements (NERC CIP, CFATS, etc.).
- Experience with PLC/HMI programming, configuration management, change control, and vendor‑specific ecosystems (Rockwell Automation, Siemens, Schneider, etc.).
- ISA/IEC 62443 Cybersecurity Expert (or multiple certifications in the 62443 series, including Fundamentals + Specialist levels) – required
- GIAC Global Industrial Cyber Security Professional (GICSP) – required
- GIAC Response and Industrial Defense (GRID) or equivalent advanced OT incident response cert – required
- One or more of the following advanced certifications:
- Certified Information Systems Security Professional (CISSP) with OT/ICS focus or experience
- GIAC Critical Infrastructure Protection (GCIP)
- SANS ICS515: ICS Visibility, Detection, and Response (or equivalent advanced SANS OT cert)