Position: OT Cybersecurity Engineer – Purdue Level 1/2 Zoning & Firewall Design
Location: Baton Rouge, LA
Role Overview:
We are seeking a highly skilled Operational Technology (OT) Cybersecurity Engineer with deep
expertise in industrial control system (ICS) security architecture, focusing on Purdue Model
Level 1 and Level 2 zoning, firewall configuration, and secure network segmentation within
complex refinery and chemical processing environments. The ideal candidate will possess
hands-on experience designing and implementing OT cybersecurity zones and controls that
comply with NIST 800-82, ISA/IEC 62443, and other industry best practices. This role requires
both technical acumen and the ability to perform detailed on-site assessments, vulnerability
analysis, and operational risk mitigation in highly secure industrial facilities.
Key Responsibilities:
OT Network Security Architecture & Firewall Design
• Develop and implement Purdue Model Level 1/2 network zones including secure
segmentation of ICS devices (PLCs, HMIs, RTUs) from enterprise IT systems.
• Build, review, and maintain detailed firewall rulesets using vendor platforms such as
Palo Alto, Fortinet, ensuring least privilege access and protocol whitelisting.
• Design and deploy DMZs, data diodes, and read-only gateways to enable secure one-
way data flow between OT and IT domains, preventing lateral movement of threats.
• Collaborate with network and OT engineers to design resilient, redundant, and fail-safe
architectures in compliance with industry standards.
Onsite Security Assessments & Asset Discovery
• Conduct comprehensive plant walkthroughs to assess OT network topology, device
configurations, and physical security controls.
• Perform asset discovery and classification using tools like Tenable OT, Dragos, or other
ICS vulnerability scanners.
• Identify and document vulnerabilities, risks, and compliance gaps, producing actionable
reports and mitigation plans for OT teams.
• Work closely with process and maintenance personnel to align cybersecurity initiatives
with operational requirements and constraints.
Automation, Monitoring & Incident Response
• Develop and maintain PowerShell and Python scripts for automated log monitoring,
anomaly detection, and incident alerting across OT infrastructure.
• Integrate log sources into Security Information and Event Management (SIEM) platforms
while ensuring OT-specific telemetry is correctly interpreted.
• Support incident response efforts by performing root cause analysis and remediation for
OT-related cybersecurity events.
Compliance & Standards Alignment
• Apply NIST 800-82, ISA/IEC 62443, CISA energy sector guidelines, and other relevant
cybersecurity frameworks to ensure regulatory compliance.
• Prepare and maintain technical documentation including firewall policies, network
diagrams, asset inventories, and cybersecurity policies tailored for OT environments.
• Liaise with third-party auditors and regulators during cybersecurity audits and
assessments.
Must-Have Qualifications & Skills:
• Minimum 10+ years of experience in industrial control system (ICS) cybersecurity,
specifically within energy, oil & gas, or chemical sectors.
• Proven track record designing and implementing Purdue Model Level 1 and 2 zones,
secure firewall configurations, and DMZ architectures in OT environments.
• Expertise configuring and managing firewalls and network security appliances from
Palo Alto, Fortinet, or equivalent platforms in ICS/OT settings.
• Hands-on experience with asset discovery and vulnerability assessment tools such as
Tenable OT, Dragos, Claroty, or Nozomi.
• Proficient in PowerShell and Python scripting for automation of security monitoring and
operational controls.
• Strong understanding of ICS protocols (Modbus, DNP3, OPC-UA) and OT network
architectures.
• Excellent communication skills for cross-team collaboration and report writing.
• TWIC Card strongly preferred for secure site access.
Preferred Skills & Certifications:
• Certifications such as GICSP (Global Industrial Cyber Security Professional), ISA/IEC
62443 Cybersecurity Expert, CISSP, or CEH.
• Familiarity with SIEM tools like Splunk, QRadar, or ArcSight integrated with OT telemetry.
• Experience with ICS Incident Response, digital forensics in OT environments, and
industrial malware detection techniques.
• Prior experience working with similar large energy/refining companies.
...a YouTube Shorts expert that can help us create about 5 short videos per day for the upcoming months. The main goal of the channel is... ...know how to create engaging shorts and implement the right video editing thats needed for a high retention video.- You respond quickly...
...Job Summary: We are seeking a Senior Business Analyst Lead with expertise in Kronos/UKG Pro Workforce Management (WFM) to support the upgrade from Kronos Workforce Central (WFC) to UKG Pro WFM. The project includes consolidating five WFC instances into a single...
...access, and adherence to age regulations. DoorDash offers instant payment options and a straightforward process suitable for both part-time and full-time work. Why Deliver with DoorDash? DoorDash is the #1 category leader in food delivery, food pickup, and convenience...
Electrical Engineering Production Support Vandalia, OH Mandatory Skills: Electrical PCB.GE needs one dedicated engineer to support on Production support failures. DO-160 experience (vibe, acceleration, temperature, temperature variation, etc) Knowledge...
Board Certified Behavior Analyst (BCBA) School Based Educational and Behavioral Consultant $65,000-$85,000 | Full-Time Join Community Autism Services - Deliver High-Quality ABA Care with a Team Committed to Growth, Excellence & Innovation! Community Autism Services...