Senior Network Security Engineer - OT

** At Elanco (NYSE: ELAN) – it all starts with animals!
**** At Elanco, we pride ourselves on fostering a diverse and inclusive work environment. We believe that diversity is the driving force behind innovation, creativity, and overall business success. Here, you’ll be part of a company that values and champions new ways of thinking, work with dynamic individuals, and acquire new skills and experiences that will propel your career to new heights.
**** Making animals’ lives better makes life better – join our team today!
** We are seeking a Senior Network Security Engineer (OT) to assist us in designing and implementing firewall and network access control (NAC) technology solutions across IT and OT networks. The Senior Network Security Engineer will contribute to delivering various technical products in collaboration with other engineers, architects, and operational support teams.

The Senior Network Security Engineer will be part of the team responsible for developing and supporting Elanco’s Network Security Platform. The team collaborates closely with technical service owners, architects, and the operations team to continuously raise the reliability bar for our services while guiding the adoption of Elanco’s network and security platform. The team provides direction for implementing modern technologies and a zero-trust strategy throughout all stages of the service development life cycle.
** Your Responsibilities:
*** Partner with Info Sec and Network Architecture to define and evolve enterprise firewall, NAC, and segmentation architecture across corporate and manufacturing environments.
* Lead design, implementation, and lifecycle management of Palo Alto firewall policies, zone-based segmentation, and security services, including secure north-south and east-west controls.
* Design and enforce segmentation strategies aligned to Purdue Model principles in manufacturing networks, balancing cybersecurity, availability, safety, and regulatory requirements.
* Apply security controls with awareness of industrial protocols such as Modbus/TCP, Ether Net/IP (CIP), PROFINET, OPC/OPC-UA, DNP3, and BACnet, accounting for legacy systems and deterministic traffic flows.
* Own medium- to high-complexity firewall and NAC initiatives from design through operational handover, including structured documentation and runbooks.
* Design and implement Network Security Policy Management (NSPM) solutions to support rule lifecycle governance, risk analysis, attestation, and compliance validation.
* Drive policy lifecycle management across firewalls and NAC, including rule review, optimization, consolidation, and risk reduction.
* Conduct and influence network security design reviews in collaboration with Info Sec, Tech Ops, and site IT/OT stakeholders.
* Ensure all solutions are secure-by-design and compliant with IT Security, Privacy, Quality, and regulatory standards (including GxP where applicable).
* Continuously assess and improve the overall network security posture through threat-informed adjustments and evaluate the capability of emerging capabilities.
* Provide senior-level technical leadership, mentorship, and cross-functional security consultancy.
** What you need to Succeed (minimum qualifications):
*** 5+ years of network security engineering experience, including hands-on design and administration of Palo Alto Networks next-generation firewalls
* Experience with Palo Alto Panorama, logging infrastructure, Global Protect VPN, licensing, and related cloud-delivered security services
* Proven experience designing and implementing segmentation strategies in enterprise and manufacturing/OT-heavy environments
* Experience in engineering or administering a Network Access Control platform (e.g., Forescout Counter

ACT), including visibility, classification, and enforcement workflows
* Experience designing and implementing an NSPM solution for firewall rule governance, compliance validation, and lifecycle management
* Understanding of industrial control system (ICS) environments and common OT protocols (Modbus, Ether Net/IP, PROFINET, OPC/UA, DNP3, BACnet)
* Experience maturing network security controls, procedures, and policy…