Job Type: Contract
Work Mode: Onsite (Client)
Department: OT / ICS Architecture
Role Overview
We are seeking a highly experienced Network Architect with 10–15+ years of relevant experience in SCADA and OT network architecture.
The role requires strong expertise in designing, securing, and governing large-scale industrial network infrastructures across multi-site critical environments. The candidate must bring deep hands-on knowledge along with architectural leadership in industrial networking, SCADA integration, VLAN segmentation, routing, NAT, and critical infrastructure compliance.
This is a senior technical leadership role responsible for end-to-end architecture, implementation governance, and security alignment within regulated OT environments.
Key Responsibilities
Architecture & Design
• Design end-to-end SCADA and OT/ICS network architectures.
• Define secure VLAN segmentation strategy:
o VLAN 10 – OT/ICS
o VLAN 20 – Management
o VLAN 40 – SCADA
• Architect multi-site routing, static routes, and NAT configurations.
• Define secure MPLS and IPsec VPN tunnel architecture for remote connectivity and 4G failover backup links.
• Design transition VLAN models for integration between legacy and new SCADA environments.
• Ensure SCADA traffic flows securely without bypassing defined security zones.
• Develop detailed high-level and low-level network architecture documentation and diagrams.
Security & Compliance
• Ensure compliance with:
o NIS Directive (Critical Infrastructure Security)
o IEC 62443 Cybersecurity Framework
o Water OTASP standards (Asset Monitoring, Telemetry, Automation, SCADA design)
o OT security governance frameworks
• Architect secure zone-to-zone communication and firewall rule frameworks.
• Define OT security logging and monitoring architecture:
o SIEM logging
o Qualys vulnerability scanning
o Microsoft Defender
• Lead Azure AD integration for SCADA IPC authentication.
• Ensure regulatory audit readiness and documentation compliance.
Implementation Governance & Technical Oversight
• Provide architectural oversight for:
o Cisco IR1101 router deployments
o Schneider managed switches
o VLAN configuration
o Routing and NAT validation
• Validate multi-site routing and NAT configurations.
• Ensure end-to-end connectivity between SCADA and PLC devices (local and remote).
• Oversee firewall updates for new IP addresses and NAT configurations.
• Ensure legacy system connectivity is maintained without unnecessary re-IP.
• Lead troubleshooting strategy for complex, multi-site industrial environments.
• Provide technical direction and mentoring to Network Engineers.
Required Skills & Experience
• 10–15+ years of experience in networking, with strong OT/ICS exposure.
• Proven experience designing SCADA and industrial network architectures.
• Advanced expertise in:
o Routing protocols
o Static routes
o NAT
o VLAN segmentation
o MPLS and IPsec VPN
• Strong knowledge of Cisco IOS (IR1101 preferred).
• Experience with Schneider managed switches.
• Deep understanding of industrial networks and SCADA systems.
• Strong working knowledge of:
o NIS Directive
o IEC 62443
o Critical infrastructure cybersecurity frameworks
• Experience in water utility or similar regulated OT environments.
• Strong documentation and stakeholder communication skills.
Preferred Qualifications
• CCNP / CCIE certification preferred.
• OT cybersecurity certifications (IEC 62443, CISSP, etc.).
• Experience leading multi-site OT transformation or modernization programs.
• Experience working in water treatment, pumping stations, or industrial control environments.