OT Security Architect

Must Have Technical/Functional Skills• Proven leader with a strong background in OT cybersecurity architecture and execution, capable of designing and driving implementation of complex, multi-site solutions in manufacturing environments.• Strong foundation in network engineering and infrastructure, with experience in network design, segmentation, and secure architectureespecially in hybrid IT/OT environments.• Delivered full lifecycle solutions including: o Secure remote access o Network and OT segmentation (macro and micro) o OT IDMZ design and deployment o Proxy integrations o Legacy asset protection and internet restriction policies• Hands-on experience with OT security platforms such as Claroty, Nozomi, or Ordr, integrated with NAC (Aruba or Cisco), firewalls, and identity-based controls.• Deep experience in infrastructure implementation, including routing, switching, and zoning technologies within modern and legacy manufacturing networks.• Expertise in domain architecture best practices for OT, including designing isolated OT domains, proper Active Directory (AD) trust models, and secure domain controller (DC) placement and hardening strategies.• Experience addressing domain controller patching challenges in OT environments, including: o Developing segmentation strategies to isolate legacy systems from fully patched domain controllers o Designing dedicated legacy-supporting domain controllers with restricted access o Aligning firewall rules, DNS, and authentication flows to reduce risk from unpatched or constrained systems• Skilled in developing and enforcing zoning and segmentation strategies, aligned with ISA/IEC 62443, NIST CSF, and the Purdue Model.• Strong ability to coordinate across global sites, driving standardization of architecture, tooling, and governance.• A vocal and assertive leader who can influence decisions, rally teams, and gain alignment across cybersecurity, IT, OT, and operations stakeholders.• Excellent communicator with the ability to document strategy and architecture clearly and drive adoption from the boardroom to the plant floor.• Demonstrated ability to manage technical debt, balance operational risk, and deliver scalable, resilient security solutions in production environments.Roles & Responsibilities• Proven leader with a strong background in OT cybersecurity architecture and execution, capable of designing and driving implementation of complex, multi-site solutions in manufacturing environments.• Strong foundation in network engineering and infrastructure, with experience in network design, segmentati on, and secure architectureespecially in hybrid IT/OT environments.• Delivered full lifecycle solutions including: o Secure remote access o Network and OT segmentation (macro and micro) o OT IDMZ design and deployment o Proxy integrations o Legacy asset protection and internet restriction policies• Hands-on experience with OT security platforms such as Claroty, Nozomi, or Ordr, integrated with NAC (Aruba or Cisco), firewalls, and identity-based controls.• Deep experience in infrastructure implementation, including routing, switching, and zoning technologies within modern and legacy manufacturing networks.• Expertise in domain architecture best practices for OT, including designing isolated OT domains, proper Active Directory (AD) trust models, and secure domain controller (DC) placement and hardening strategies.• Experience addressing domain controller patching challenges in OT environments, including: o Developing segmentation strategies to isolate legacy systems from fully patched domain controllers o Designing dedicated legacy-supporting domain controllers with restricted access o Aligning firewall rules, DNS, and authentication flows to reduce risk from unpatched or constrained systems• Skilled in developing and enforcing zoning and segmentation strategies, aligned with ISA/IEC 62443, NIST CSF, and the Purdue Model.• Strong ability to coordinate across global sites, driving standardization of architecture, tooling, and governance.• A vocal and assertive leader who can influence decisions, rally teams, and gain alignment across cybersecurity, IT, OT, and operations stakeholders.• Excellent communicator with the ability to document strategy and architecture clearly and drive adoption from the boardroom to the plant floor.• Demonstrated ability to manage technical debt, balance operational risk, and deliver scalable, resilient security solutions in production environments.Salary Range $140000-$170000 yearTCS Employee Benefits Summary: Discretionary Annual Incentive. Comprehensive Medical Coverage: Medical & Health, Dental & Vision, Disability Planning & Insurance, Pet Insurance Plans. Family Support: Maternal & Parental Leaves. Insurance Options: Auto & Home Insurance, Identity Theft Protection. Convenience & Professional Growth: Commuter Benefits & Certification & amp; Training Reimbursement. Time Off: Vacation, Time Off, Sick Leave & Holidays. Legal & Financial Assistance: Legal Assistance, 401K Plan, Performance Bonus, College Fund, Student Loan Refinancing.