Cyber Security Engineer

Baton Rouge, Louisiana

SRS Consulting Inc

Job Title: OT Cybersecurity Engineer - Purdue Level 1/2 Zoning & Firewall Design

Location: Baton Rouge, LA

Contract: 12 months


Must Have: ICS experience; TWIC card required.


Role Overview:

We are seeking a highly skilled Operational Technology (OT) Cybersecurity Engineer with deep expertise in industrial control system (ICS) security architecture, focusing on Purdue Model Level 1 and Level 2 zoning, firewall configuration, and secure network segmentation within complex refinery and chemical processing environments. The ideal candidate will possess hands-on experience designing and implementing OT cybersecurity zones and controls that comply with NIST 800-82, ISA/IEC 62443, and other industry best practices. This role requires both technical acumen and the ability to perform detailed on-site assessments, vulnerability analysis, and operational risk mitigation in highly secure industrial facilities.


Key Responsibilities:

OT Network Security Architecture & Firewall Design


• Develop and implement Purdue Model Level 1/2 network zones including secure segmentation of ICS devices (PLCs, HMIs, RTUs) from enterprise IT systems.


• Build, review, and maintain detailed firewall rulesets on vendor platforms such as Palo Alto and Fortinet, ensuring least-privilege access and protocol whitelisting.


• Design and deploy DMZs, data diodes, and read-only gateways to enable secure one-way data flow between OT and IT domains, preventing lateral movement of threats.


• Collaborate with network and OT engineers to design resilient, redundant, and fail-safe architectures in compliance with industry standards.


Onsite Security Assessments & Asset Discovery


• Conduct comprehensive plant walkthroughs to assess OT network topology, device configurations, and physical security controls.


• Perform asset discovery and classification using tools like Tenable OT, Dragos, or other ICS vulnerability scanners.


• Identify and document vulnerabilities, risks, and compliance gaps, producing actionable reports and mitigation plans for OT teams.


• Work closely with process and maintenance personnel to align cybersecurity initiatives with operational requirements and constraints.


Automation, Monitoring & Incident Response


• Develop and maintain PowerShell and Python scripts for automated log monitoring, anomaly detection, and incident alerting across OT infrastructure.


• Integrate log sources into Security Information and Event Management (SIEM) platforms while ensuring OT-specific telemetry is correctly interpreted.


• Support incident response efforts by performing root cause analysis and remediation for OT-related cybersecurity events.


Compliance & Standards Alignment


• Apply NIST 800-82, ISA/IEC 62443, CISA energy sector guidelines, and other relevant cybersecurity frameworks to ensure regulatory compliance.


• Prepare and maintain technical documentation including firewall policies, network diagrams, asset inventories, and cybersecurity policies tailored for OT environments.


• Liaise with third-party auditors and regulators during cybersecurity audits and assessments.


Must-Have Qualifications & Skills:


• 10+ years of experience in industrial control system (ICS) cybersecurity, specifically within the energy, oil & gas, or chemical sectors.


• Proven track record designing and implementing Purdue Model Level 1 and 2 zones, secure firewall configurations, and DMZ architectures in OT environments.


• Expertise configuring and managing firewalls and network security appliances from Palo Alto, Fortinet, or equivalent platforms in ICS/OT settings.


• Hands-on experience with asset discovery and vulnerability assessment tools such as Tenable OT, Dragos, Claroty, or Nozomi.


• Proficient in PowerShell and Python scripting for automation of security monitoring and operational controls.


• Strong understanding of ICS protocols (Modbus, DNP3, OPC-UA) and OT network architectures.


• Excellent communication skills for cross-team collaboration and report writing.


TWIC Card needed for secure site access.


Preferred Skills & Certifications:


• Certifications such as GICSP (Global Industrial Cyber Security Professional), ISA/IEC 62443 Cybersecurity Expert, CISSP, or CEH.


• Familiarity with SIEM tools like Splunk, QRadar, or ArcSight integrated with OT telemetry.


• Experience with ICS Incident Response, digital forensics in OT environments, and industrial malware detection techniques.


• Prior experience working with similar large energy/refining companies.


Work Environment & Travel:


• Role requires onsite presence in Baton Rouge, LA, with frequent field visits to chemical/refinery plant areas.


• Must adhere to all safety, security, and operational protocols, including wearing proper PPE and following plant access procedures.


• Will be required to participate in shift work, emergency on-call rotations, and incident response drills as necessary.


Date Posted: 07 June 2025