IT-OT Network Consultant

The OT Network Consultant plays a critical role in the design, deployment, and lifecycle support of secure, resilient, and high-performing network infrastructures that underpin industrial control system (ICS) and operational technology (OT) environments. This role provides advanced technical expertise across switching, routing, firewalls, network segmentation, VPN/remote access, and cybersecurity controls that support SCADA, HMI, IIoT, and other industrial applications. The Consultant leads the implementation of OT network architectures by defining technical requirements, designing and configuring network components, validating security and performance, and ensuring compliance with client, regulatory, and industry cybersecurity standards. Working closely with project managers, senior engineers, and client stakeholders, the Consultant takes ownership of network design packages, configuration baselines, change management processes, and technical deliverables. Responsibilities include leading commissioning and cutover activities, troubleshooting complex network and communication issues, optimizing network performance and resiliency, and advising clients on best practices for segmentation, secure connectivity, and OT network governance. The Consultant also contributes to strategic initiatives by identifying opportunities for modernization, standardization, and improved cybersecurity posture across client networks. Beyond hands-on implementation, the OT Network Consultant provides strategic guidance to clients, supports project planning and architecture reviews, and ensures that all solutions align with operational, security, and compliance objectives. Through a blend of technical leadership, strong communication, and deep understanding of industrial networking and OT security principles, this role ensures that deployed networks remain secure, scalable, stable, and aligned with organizational quality and service standards. Serve as the primary technical lead for the design, integration, configuration, and lifecycle support of OT network infrastructures, including switching, routing, firewalls, wireless links, secure remote access, and segmentation architectures that support SCADA, ICS, and critical OT applications. Collaborate within a small, fast-paced consulting team, effectively managing priorities and delivering high-quality network solutions in time-sensitive or high-pressure industrial environments. Establish and maintain strong working relationships with technical, operational, and cybersecurity stakeholders, acting as a trusted advisor on OT network design, security, and best practices for industrial communications. Lead and contribute to technical discussions, offering expert guidance on network architecture, firewall/security design, communication paths, redundancy strategies, and secure connectivity across IT-OT boundaries. Work closely with clients and internal teams to collect network requirements, assess operational needs, evaluate constraints, and develop tailored OT network solutions that emphasize reliability, resiliency, and compliance. Collaborate with cross-functional teams—including control system engineers, cybersecurity teams, server/virtualization specialists, and project management—to ensure aligned, secure, and successful deployment of OT network infrastructure. Translate client requirements into actionable network design and configuration deliverables, leading the development of network segmentation strategies, firewall rule sets, routing architectures, and secure communication paths. Deliver advanced technical services, including network monitoring, incident response leadership, packet capture analysis, firewall and switch configuration, vulnerability mitigation, and performance optimization within OT network environments. Perform in-depth network assessments, identifying risks, architectural gaps, misconfigurations, vulnerabilities, modernization opportunities, and improvements aligned with cybersecurity frameworks such as IEC 62443 or NIST CSF. Prepare and deliver network-focused technical presentations, workshops, and training for clients and internal teams to support knowledge transfer and adoption of secure OT network practices. Lead the execution of network-related project tasks, producing design documentation, configuration baselines, implementation plans, testing/validation artifacts, and change management deliverables. Provide escalated technical support and troubleshooting for complex OT communication issues—including protocol failures, route instability, firewall misconfigurations, segmentation constraints, or performance bottlenecks. Maintain expert-level knowledge of industrial networking and OT cybersecurity, including ICS communication protocols, modern firewall architectures, VLAN segmentation, zero-trust concepts, and regulatory or industry security expectations. Ensure service level agreements (SLAs) and client expectations are met, providing clear, proactive communication and documenting all troubleshooting, changes, and resolutions to maintain transparency and traceability. Develop and maintain detailed OT network documentation, including logical/physical network diagrams, firewall rule sets, routing tables, IP addressing schemes, configuration archives, and operational procedures. Adopt a client-focused, consultative approach, ensuring all solutions, recommendations, and support efforts align with client operational goals, cybersecurity requirements, and long-term system resilience. Bachelor’s degree in Information Technology, Computer Science, Network Engineering, Cybersecurity, or a related field; equivalent industry experience may be considered in lieu of formal education. 3–8 years of hands-on experience designing, deploying, or supporting network infrastructure in industrial, utility, energy, manufacturing, oil and gas, or other OT/ICS environments. Proven experience with core network infrastructure, including configuration, optimization, and lifecycle support for switches, routers, firewalls, VPN solutions, and network segmentation. Strong understanding of industrial networking principles, including VLANs, Layer 2/Layer 3 routing, redundancy protocols (e.g., RSTP/MSTP, VRRP/HSRP), NAT, ACLs, and zone-based architectures. Hands-on experience implementing OT security architectures aligned with the Purdue Model (PERA)—including segmentation between Levels 0–5, DMZ design, ICS/SCADA zone isolation, and secure pathways between enterprise and control system networks. Strong familiarity with OT cybersecurity standards and frameworks, including ISA/IEC 62443, NIST CSF, and general defense-in-depth strategies applicable to industrial environments. Experience with major network and security platforms, such as Cisco, Hirschmann/Belden, Stratix/Allen-Bradley, Palo Alto, Fortinet, or other industrial-grade networking and firewall solutions. Understanding of ICS/SCADA communication protocols, such as Modbus, DNP3, EtherNet/IP, OPC UA/DA, PROFINET, MQTT, or similar, and how they behave within segmented industrial networks. Demonstrated troubleshooting and diagnostic skills, with the ability to identify network performance issues, communication failures, bottlenecks, misconfigurations, or security risks in live operational environments. Ability to collaborate effectively with OT engineering, IT networking, cybersecurity, SCADA/controls, and operations teams to align network designs with operational and security requirements. Strong communication and documentation abilities, including the ability to explain complex networking concepts to technical and non-technical audiences and produce clear diagrams, configuration files, and architectural documentation. Experience participating in project execution, including network design development, hardware selection, configuration, FAT/SAT testing, commissioning, change management, and adherence to quality and traceability standards. Familiarity with modern network architectures and tools, including zero trust segmentation, cloud-connected monitoring, network visibility/packet brokers, OT IDS systems, or hybrid cloud/edge integrations is a plus. Self-driven, organized, and accountable, capable of working independently or within small consulting teams to deliver reliable and secure network solutions. Willingness to travel up to 25% for site assessments, commissioning activities, troubleshooting support, workshops, or other project-related needs. Master’s or Bachelor’s degree in Information Technology, Network Engineering, Cybersecurity, Computer Engineering, or a related discipline, ideally with coursework or hands-on experience in OT networking or IT-OT convergence. Relevant industry certifications, such as Cisco CCNA/CCNP/CCIE, CompTIA Security+/CySA+, CISSP, Fortinet NSE, Palo Alto PCNSE, VMware VCP-NV, GICSP, or ISA/IEC 62443 cybersecurity credentials. Experience working for a systems integrator, OT networking provider, EPC, or industrial services firm, particularly those serving critical infrastructure sectors such as energy, utilities, oil & gas, water/wastewater, transportation, or manufacturing. Familiarity with ITSM and project coordination tools, such as ServiceDesk Plus, ServiceNow, Jira Service Management, or equivalent platforms used for managing tickets, changes, and project workflows. 5. Proficiency with scripting or automation tools (e.g., PowerShell, Python, Bash, Ansible, or YAML-based automation frameworks) to support network configuration automation, log parsing, compliance checks, or troubleshooting tasks. Working knowledge of industrial cybersecurity and IACS standards, including ISA/IEC 62443, NIST CSF, NERC CIP concepts, and practical network segmentation practices guided by the Purdue Model. Experience supporting consulting or client-facing engagements, including technical discovery sessions, network assessments, scoping input, proposal writing, or participation in pre-sales or solution design discussions. Advanced familiarity with virtualization and network infrastructure, including VMware, Hyper-V, virtual networking (vSwitches, DVS), clustering, network storage, and best practices for DMZs, security zoning, and ICS network segmentation. Experience with cloud or hybrid network architectures, including Azure, AWS, cloud-connected monitoring tools, virtual firewalls, backup solutions, or cloud-based security services as part of modernized OT networking strategies. Hands-on experience with industrial networking hardware, such as Cisco IE line, Hirschmann/Belden, Moxa, Siemens Scalance, or Stratix/Allen-Bradley switches, is a strong plus. Pay: $70,000.00 - $91,000.00 per year Benefits: 401(k) 401(k) matching Dental insurance Flexible schedule Health insurance Health savings account Life insurance Paid time off Parental leave Professional development assistance Retirement plan Vision insurance Work Location: In person