Network Engineer

Network Engineer Houston, TX - Onsite with 30-35% travel within the USContract-to-hire or Full-time - Depending on experience The Network Engineer, OT is a senior technical professional responsible for architecting, implementing, and maintaining enterprise-grade network infrastructure supporting both operational technology (OT) environments and IT systems across critical power generation facilities. This advanced role requires deep expertise in industrial control systems networking, cybersecurity architecture, and enterprise IT integration. The position demands proficiency in Cisco and Fortinet technologies, NERC-CIP compliance frameworks, and the ability to bridge IT/OT convergence challenges while maintaining the highest levels of system availability and security for mission-critical energy infrastructure.Position Responsibilities:Design and implement sophisticated network architectures for SCADA, DCS, historian systems, and industrial control networks using Cisco Industrial Ethernet switches and Cisco Catalyst infrastructureEngineer and maintain next-generation firewalls (NGFWs) for network segmentation, UTM, application control, and IPS/IDS functionality across IT/OT boundariesDeploy and manage Cisco SD-WAN solutions for multi-site connectivity, optimize configurations, and implement advanced routing protocols (OSPF, EIGRP, BGP) for enterprise and industrial networksConfigure redundant network topologies utilizing protocols such as RSTP, PRP, HSR, and Cisco StackWise for high-availability industrial applicationsImplement Quality of Service (QoS) policies, VLAN architectures, and traffic shaping to prioritize real-time control system communications and support converged IT/OT networksDesign and maintain enterprise Wi-Fi infrastructure using Wireless LAN Controllers and access point solutions for both corporate and industrial environmentsManage network infrastructure supporting virtualization platforms (VMware vSphere), cloud connectivity (Azure), and hybrid IT architecturesDeploy and optimize network monitoring solutions including SolarWinds, Cisco Catalyst Center, and FortiAnalyzer for comprehensive visibility across IT/OT environmentsArchitect and implement defense-in-depth security strategies and network access control (NAC) technologiesConfigure and manage Firewall security policies, SSL/IPsec VPN tunnels, and secure remote access solutions for critical infrastructure personnelDesign Electronic Security Perimeters (ESP) compliant with NERC-CIP standards, implementing defense mechanisms including firewalls, unidirectional gateways, and DMZ architectureDeploy and maintain intrusion detection/prevention systems (IDS/IPS) using next-gen technologies for continuous threat monitoringImplement zero-trust network architectures, micro-segmentation strategies, and least-privilege access controls across IT and OT domainsMaintain comprehensive compliance with NERC-CIP and related standards for critical infrastructure protectionConduct vulnerability assessments, penetration testing coordination, and security hardening of network devices following ISA/IEC 62443 and NIST Cybersecurity Framework guidelinesLead incident response activities for network security events, coordinate forensic analysis, and implement corrective action plansConfigure and optimize industrial protocol communications including Modbus TCP/RTU, DNP3, OPC UA, IEC 61850, and Profinet across control system networksImplement protocol gateways, serial-to-Ethernet converters, and ensure proper encapsulation for legacy industrial communicationsSupport historian database connectivity, real-time data acquisition systems, and SCADA master-to-RTU communication architecturesDesign redundant communication paths for critical control functions utilizing diverse routing and automatic failover mechanismsTroubleshoot deterministic Ethernet configurations, time-sensitive networking (TSN), and precision time protocol (PTP/IEEE 1588) implementationsCoordinate with controls engineers on PLC/DCS network requirements including Allen-Bradley ControlLogix, GE Mark series, and Siemens S7 platformsIntegrate OT networks with enterprise IT services including Active Directory, DNS, DHCP, NTP, and Windows Server infrastructure while maintaining proper segmentationConfigure and manage network infrastructure for Microsoft 365/Azure AD integration, site-to-site VPNs, and cloud service connectivityImplement network solutions for audio/visual conferencing systems, IP telephony (VoIP), and unified communications platformsDeploy network infrastructure for physical security systems including IP camera networks, access control integration, and building management systems (BMS)Manage patch management, firmware updates, and change control processes for network devices across IT and OT environments using ServiceNow or similar ITSM platformsMonitor and optimize network performance utilizing advanced analytics, NetFlow/sFlow analysis, and packet capture tools (Wireshark, tcpdump) for troubleshootingImplement redundancy and high-availability solutions ensuring 99.99% uptime for critical OT communications and 24/7 operational support capabilitiesConduct capacity planning, bandwidth analysis, and network lifecycle management to support growing operational and business data requirementsDesign and test disaster recovery/business continuity procedures for network infrastructure, including backup configurations and restoration processesMaintain comprehensive network documentation including logical/physical topology diagrams, IP address management (IPAM), and configuration management databases (CMDB)Lead network design and implementation for new facility construction, equipment installations, and technology refresh initiativesParticipate in commissioning activities, factory acceptance testing (FAT), and site acceptance testing (SAT) for control system network infrastructureProvide technical leadership for vendor evaluations, RFP development, and technology selection processes for network equipment and servicesMentor junior engineers and technicians on advanced networking concepts, Cisco/Fortinet technologies, and OT security best practicesDevelop and maintain standards, procedures, and technical documentation including network design templates and troubleshooting guidesCoordinate with IT Operations teams on service delivery, SLA management, and continuous improvement initiatives across infrastructure domainsEducation & Experience:Bachelor's degree in Computer Science, Information Technology, Electrical Engineering, or related technical disciplineMinimum 7-10 years of progressive experience in network engineering with at least 5 years focused on industrial/OT environmentsDemonstrated experience in power generation, oil & gas, manufacturing, or other critical infrastructure industriesProven track record of managing complex, multi-site network infrastructure projects from design through implementationTechnical Expertise:Expert-level proficiency with Cisco enterprise and industrial networking technologies including Catalyst switches, Nexus data center switches, ISR/ASR routers, and Industrial Ethernet (IE-4000/IE-5000) platformsAdvanced expertise in Fortinet FortiGate firewalls, FortiManager central management, FortiAnalyzer logging/reporting, and Security Fabric integrationDeep understanding of Cisco IOS/IOS-XE command-line interface, configuration management, and troubleshooting methodologiesComprehensive knowledge of routing protocols (OSPF, EIGRP, BGP), switching technologies (STP/RSTP/MST), and VLAN design principlesAdvanced experience with SCADA networks, DCS infrastructure, and industrial control system communications architectureStrong proficiency in industrial protocols including Modbus TCP/RTU, DNP3, OPC UA, and Ethernet/IPIn-depth understanding of NERC-CIP Critical Infrastructure Protection standards, particularly CIP-005, CIP-007, and Electronic Security Perimeter requirementsWorking knowledge of PLC/PAC technologies including Allen-Bradley ControlLogix, Rockwell Automation FactoryTalk, and Siemens SIMATIC platformsExperience with network security technologies including VPN (IPsec/SSL), NAC, 802.1X authentication, and identity management solutionsProficiency with network monitoring and management tools such as SolarWinds, Cisco Prime Infrastructure, PRTG, or equivalent platformsUnderstanding of IT infrastructure including Windows Server environments, Active Directory, virtualization (VMware/Hyper-V), and cloud networking conceptsSecurity & Compliance Knowledge:Comprehensive understanding of cybersecurity frameworks including ISA/IEC 62443, NIST Cybersecurity Framework, and ISO 27001Experience implementing defense-in-depth security architectures, network segmentation strategies, and zero-trust principlesKnowledge of vulnerability management, penetration testing, and security assessment methodologies for industrial control systemsUnderstanding of incident response procedures, security event analysis, and forensic investigation techniquesCertifications:Cisco CCNP Enterprise or CCNP Security certification (current and active)Fortinet NSE 4 FortiGate Network Security certification (minimum required)ISA/IEC 62443 Cybersecurity Certificate demonstrating industrial security expertiseCompTIA Security+ or equivalent baseline cybersecurity certificationStrongly Preferred Certifications:Cisco CCIE Enterprise Infrastructure or CCIE Security (highly valued)Fortinet NSE 7 Enterprise Firewall or NSE 8 certificationCisco CCNA Industrial or equivalent industrial networking certificationNERC-CIP certification for critical infrastructure protectionGIAC Industrial Control Systems Professional (GICSP) or similar OT security certificationIndustrial automation vendor certifications (Rockwell Automation, Schneider Electric, GE Digital, Siemens)CISSP, CISM, or other advanced security certifications