OT Cybersecurity Engineer

Contractor will support delivery and implementation across Industrial Cybersecurity Services Portfolios including:

• Plant Security Services: Security Assessments, Industrial Security Consulting, Remote Industrial Operations Services (RIOpS)
• Network Security Services: Industrial Next Generation Firewall, Industrial DMZ Infrastructure, Remote Platform SaaS (cRSP)
• System Integrity Services: Endpoint Protection, Vulnerability Services (incl. Vilocify + PoC), Patch Management, Backup & Restore

• Execute industrial/OT security assessments (site/remote) including asset inventory validation, risk findings, and actionable remediation plans aligned to customer environments (plant/line/cell, ICS/SCADA).
• Design and implement network security controls: segmentation approach, Industrial DMZ patterns, firewall policy/ruleset development, and OT/IT integration hardening for industrial networks.
• Support remote operations enablement (RIOpS / cRSP): define secure remote access patterns, operational runbooks, monitoring/incident handling procedures, and customer handover artifacts.
• Deliver system integrity services: endpoint protection rollout support, vulnerability scanning coordination (Vilocify services + PoC support), patching strategy and execution planning, and backup/restore validation.
• Produce customer-ready deliverables (assessment reports, architectures, implementation plans, as-builts, and SOPs) and contribute to standard Siemens playbooks/templates for repeatability.

• Bachelor's degree in Cybersecurity, Computer Science, Engineering, or equivalent practical experience.
• 5+ years cybersecurity experience with 3+ years in OT/industrial environments (manufacturing, utilities, energy, etc.).
• Proven experience with ICS/OT architectures and security controls (segmentation, remote access, jump hosts, logging/monitoring).
• Familiarity with common OT security frameworks/standards (e.g., IEC 62443 / NIST concepts) and translating them into practical controls.
• Hands-on firewall and segmentation experience (policy design, NAT, VPN, routing, rule lifecycle, troubleshooting).
• DMZ design/implementation experience for industrial environments.
• Endpoint protection deployment support and troubleshooting.
• Vulnerability assessment lifecycle (scan planning, validation, triage, remediation guidance, reporting); ability to support Vilocify-based engagements and PoCs.
• Strong customer-facing consulting skills: requirements capture, clear documentation, executive-level readouts, and tight project coordination.
• Ability to work independently, manage priorities, and collaborate across sales/delivery/engineering.