Description
OT System Architect
Our client is a leading North American provider of industrial products, specialized services, and infrastructure solutions that support essential industries and critical operations. With a broad operational footprint across multiple jurisdictions, the organization serves customers in sectors such as water treatment, energy, manufacturing, mining, agriculture, and other industrial markets.
Through an extensive network of production facilities, distribution assets, and operational sites, the company delivers products and services that help customers operate safely, efficiently, and sustainably. Its offerings play a key role in supporting environmental compliance, critical infrastructure, industrial processes, and the delivery of essential services.
As an established industry leader, the organization is committed to operational excellence, safety, innovation, and environmental responsibility. The company continues to invest in modernizing its operations and enhancing its digital and cybersecurity capabilities, creating opportunities for technology professionals to contribute to the protection and advancement of critical industrial environments.
Title: OT System Architect
Location: Anywhere in North America
Work model: Remote position however would require travel 25%
Type of position: Full time, permanent
Salary: 200k-225k + 20% bonus + 4 weeks vacation + comprehensive benefits and pension contribution.
Job summary
The OT Systems Architect will play a key role in designing and supporting secure OT networks
across the company’s manufacturing facilities. This role focuses on strengthening the reliability of OT network, OT/IT network segmentation, and cybersecurity controls in alignment with industry standards (ISA, NIST, NERC IP etc). The architect will work closely with the Lead to implement the company’s OT Cybersecurity Program, while supporting connectivity and security for PLC, DCS, BMS, and SIS systems across their facilities.
Key Responsibilities:
Design and deploy security solutions to protect OT systems against cyber threats, including
firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint security solutions.
• Support the OT Cybersecurity Lead in implementing Chemtrade’s OT Cybersecurity Program,
including network design, segmentation, and monitoring across plant environments.
• Design, configure, and maintain Cisco networking infrastructure, including switches, routers, VLANs,
wireless controllers, and firewalls within OT environments.
• Administer and manage WatchGuard, Fortinet, and Palo Alto firewalls to secure OT networks, OT
DMZs, and remote access connections.• Design, configure, and implement OT Demilitarized Zones (OT DMZs) to strengthen network
security and segregation.
• Manage and maintain OT AWS network infrastructure and connectivity.
• Implement Purdue Model–aligned network segmentation based on ISA-95, ISA/IEC 62443, and NIST
SP 800-82 standards to separate IT, OT DMZ, and plant-level environments.
• Collaborate with IT, Corporate Electrical Reliability, and site teams to securely integrate PLCs, DCS,
BMS, SIS, and other industrial control systems within OT networks.
• Implement and support secure remote access solutions for vendors and third parties, including
VPNs, jump hosts, and multi-factor authentication (MFA).
• Support asset inventory management, vulnerability assessments, intrusion detection, and incident
response activities using tools such as Claroty, Palo Alto, and SIEM platforms.
• Monitor, troubleshoot, and optimize network performance to ensure high availability and reliability
across OT environments.
• Develop and maintain network diagrams, architecture documentation, standards, and configuration
baselines for OT infrastructure.
• Participate in OT risk assessments, compliance audits, disaster recovery planning, and remediation
initiatives.
• Provide technical support and troubleshooting for OT networking issues across multiple Chemtrade
locations.
• Establish and manage Process Control Network (PCN) domains, user access controls, and
authentication mechanisms.
• Partner with IT infrastructure teams to integrate, implement, and maintain cybersecurity tools
across OT environments.
• Coordinate with third-party vendors and contractors to ensure systems and services meet
cybersecurity and compliance requirements.
• Stay current on industry best practices, emerging threats, regulatory requirements, and new
technologies related to OT cybersecurity.
• Collaborate with IT and engineering teams to securely integrate OT systems with enterprise IT
infrastructure.
• Analyze, investigate, and respond to cybersecurity incidents, alerts, and events using security tools
and manual analysis techniques.
• Support internal and external audit activities, including remediation tracking and evidence
collection.
• Assess current and emerging threat landscapes, providing risk analysis and recommendations to
strengthen operational cybersecurity posture.
• Assist in developing cybersecurity training materials, operational procedures, and technical
documentation for internal and external stakeholders.
• Apply strong expertise in supporting, maintaining, and troubleshooting enterprise and industrial
network infrastructure assets.
Qualifications
Bachelor’s degree in Electrical Engineering, Electronics Engineering, Computer Science,
Information Technology, or a related discipline.
• Relevant industry certifications such as CCNA, CCNP, GICSP, Fortinet NSE, or Palo
Alto PCNSE are considered strong assets.
• 7+ years of experience designing, implementing, and maintaining industrial OT/ICS
network infrastructure.• Strong understanding of the Purdue Model and OT network zoning principles.
• Working knowledge of OT cybersecurity frameworks and standards, including NIST SP
800-82, NIST CSF, IEC 62443, and CIS Controls.
• Experience administering Microsoft operating systems, Windows Server environments,
and Hyper-V virtualization platforms.
• Knowledge of networking and connectivity requirements for enterprise process historians
such as AVEVA PI and Canary.
• Hands-on experience with Cisco networking technologies including switches, routers,
VLANs, and routing protocols.
• Experience managing and configuring industrial firewalls (WatchGuard, Fortinet, Palo
Alto), VPNs, DMZs, and secure remote access solutions.
• Knowledge of PLC, DCS, BMS, and SIS architectures and their integration within OT
environments, preferably with platforms from Rockwell, Emerson, Honeywell, or ABB.
• Familiarity with industrial communication protocols including Modbus, DNP3,
EtherNet/IP, OPC UA, and PROFINET.
• Experience with OT asset management, monitoring, and threat detection platforms such
as Claroty and Nozomi.
• Knowledge of AWS cloud services, including EC2, S3, and VPC networking.
• Experience with Active Directory, Domain Controllers, and Windows-based identity and
access management integrated with network infrastructure.
• Experience deploying cybersecurity controls within OT environments, including network
segmentation, zoning, isolation, and endpoint protection.
• Understanding of broader cybersecurity frameworks and standards, including ISO
27001/27002, ISO 15408, NIST CSF, and NIST SP 800-53.
• Hands-on experience implementing modern OT systems technologies, architectures, and
cybersecurity solutions.
• Knowledge of ISA/IEC 62443 cybersecurity standards and best practices.
• Strong troubleshooting, analytical, and problem-solving skills.
• Excellent communication and interpersonal skills, with the ability to engage effectively
with both technical and non-technical stakeholders.
• Demonstrated ability to collaborate across multiple teams, functions, and organizational
levels.
• Strong organizational, time management, and documentation skills.
• Self-motivated with the ability to work independently and as part of a team.
• Safety-focused mindset and experience working within industrial or chemical plant
environments.
• Willingness and ability to travel approximately 25% to Chemtrade facilities across North
America.
• Demonstrated ability to quickly learn and adapt to new technologies, processes, and
business requirements.
