Operational Technology (OT) Cybersecurity & Infrastructure Specialist

Job Description:

Industry/SectorNot Applicable

SpecialismCybersecurity & Privacy

Management LevelSenior Associate

Job Description & SummaryThe OT Cybersecurity & Infrastructure Specialist is responsible for designing, implementing, securing, and maintaining IT-OT infrastructures that enable safe, reliable, and efficient industrial operations. The role focuses on protecting control environments through secure-by-design architectures, Purdue Model segmentation, and end-to-end visibility using advanced OT monitoring platforms.
The ideal candidate brings deep technical knowledge across ICS/SCADA systems, industrial networking, wireless OT systems, and cybersecurity frameworks such as SANS ICS, IEC 62443, NIST 800-82, and CIS Controls - with proven experience in greenfield and brownfield deployments, OT modernization, and security integration projects

1. IT-OT Infrastructure & Operations

* Design, implement, and maintain secure IT-OT infrastructure ensuring reliability, performance, and cyber resilience.
* Provide expert technical support and resolve complex IT-OT integration and security issues to minimize downtime.
* Maintain a comprehensive asset inventory (wired, wireless, and IIoT) for visibility and configuration management.
* Act as a subject matter expert (SME) in OT security and infrastructure lifecycle management.

2. OT Cybersecurity Governance & Implementation

* Develop, implement, and enforce cybersecurity policies and standards in alignment with SANS, IEC 62443, NIST, and CIS frameworks.
* Conduct security assessments, audits, and compliance reviews across control networks and critical systems.
* Integrate IDS/IPS and SIEM solutions to monitor and detect OT-specific cyber threats.
* Utilize OT cybersecurity monitoring tools (e.g., Dragos, Nozomi, Claroty, Armis) for continuous threat visibility and anomaly detection.
* Use network and infrastructure monitoring platforms (e.g., SolarWinds, Zabbix, NetBrain) for performance tracking, topology mapping, and proactive incident management.
* Maintain measurable compliance and security posture reporting for enterprise and regulatory requirements.

3. Secure OT Migration & Deployment (Greenfield / Brownfield Projects)

* Lead secure OT migration initiatives for modernization or technology upgrades.
* Design greenfield OT environments with security integrated from concept to commissioning.
* Assess and retrofit brownfield environments, addressing vulnerabilities in legacy systems.
* Develop and execute migration roadmaps aligned with Purdue Model (Levels 0-5) for secure network segregation.
* Collaborate with engineering and operations teams to ensure secure deployment of new OT technologies.

4. Security Architecture & Purdue Model Segmentation

* Architect secure OT network topologies aligned with the Purdue Enterprise Reference Architecture (PERA).
* Implement network segmentation (zones and conduits) to isolate critical control systems and prevent lateral movement.
* Configure and deploy firewalls, VLANs, routers, and switches using Cisco, Palo Alto Networks, or equivalent solutions.
* Conduct network segmentation reviews to ensure compliance with IEC 62443 and enterprise policies.
* Develop and document zoning, conduit policies, and access controls for OT systems.

5. Wireless and IIoT Security

* Design and secure wireless OT communications (Wi-Fi, Bluetooth, LoRa, Zigbee, 4G/5G) used in IIoT and industrial telemetry.
* Implement wireless security controls such as 802.1X authentication, WPA3-Enterprise, and NAC.
* Perform wireless vulnerability assessments to detect rogue access points, weak encryption, or interference risks.
* Integrate wireless telemetry systems with enterprise SIEM and SOC platforms for unified visibility.

6. Threat, Risk, and Control Management

* Identify threats, vulnerabilities, and attack paths specific to industrial control systems and connected OT assets.
* Build security control libraries, design patterns, and reusable best practices mapped to industry standards.
* Evaluate and optimize existing controls and defense mechanisms to ensure a multi-layered security posture.
* Provide detailed configuration and deployment playbooks for consistent and secure implementation.

7. Integration, Collaboration & Continuous Improvement

* Collaborate with IT, OT, and engineering teams to align cybersecurity architecture with operational and business objectives.
* Identify and remediate security gaps in solution designs, ensuring effective risk management.
* Support integration of OT monitoring platforms with enterprise-level analytics and response systems.
* Demonstrate operational excellence and continuous improvement across all project phases and engagements.

Qualifications & Skills:

* Education: Bachelor's or Master's in Computer Science, Electrical, Electronics, or Industrial Engineering.
* Experience: 5-10 years in OT/ICS cybersecurity, network engineering, or industrial automation.

Certifications (Preferred):

* SANS GICSP, GRID, GIAC ICS Defender, GCIP
* CISSP, CISM, CEH, CompTIA Security+ / CySA+
* ISA/IEC 62443 Expert / Practitioner
* Cisco CCNP Security, Palo Alto PCNSE, CWSP / CWNA (for wireless OT)

Technical Competencies:

* Deep expertise in ICS/SCADA, DCS, and PLC systems (e.g., Siemens, Rockwell, Schneider).
* Proficient in industrial protocols (Modbus, DNP3, OPC-UA, Profinet, EtherNet/IP).
* Experience with network segmentation and Purdue Model architecture (Levels 0-5).
* Skilled in OT visibility and monitoring tools:
* Dragos, Nozomi Networks, Claroty, Armis (for OT cybersecurity and asset discovery).
* SolarWinds, Zabbix, NetBrain (for network performance monitoring and topology mapping).
* Hands-on experience with firewalls, IDS/IPS, SIEM, NAC, and VPNs in OT/industrial environments.
* Knowledge of wireless OT security, IIoT device hardening, and cloud-connected OT visibility.
* Familiar with risk management, threat modeling, and incident response for OT systems.

Soft Skills:

* Strong analytical and problem-solving mindset.
* Excellent communication and stakeholder coordination skills.
* Ability to balance security rigor with operational uptime.
* Commitment to security-by-design, documentation, and continuous improvement.

All qualified applicants will receive consideration for employment at PwC without regard to ethnicity; creed; color; religion; national origin; age; disability; neurodiversity; sexual orientation; gender identity or expression; marital; or any other status protected by law. PwC is proud to be an inclusive organization and equal opportunity employer.

Travel RequirementsNot Specified

Job Posting End Date