Operational Technology (OT) Cybersecurity & Infrastructure Specialist

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

The OT Cybersecurity & Infrastructure Specialist is responsible for designing, implementing, securing, and maintaining IT-OT infrastructures that enable safe, reliable, and efficient industrial operations. The role focuses on protecting control environments through secure-by-design architectures, Purdue Model segmentation, and end-to-end visibility using advanced OT monitoring platforms.
The ideal candidate brings deep technical knowledge across ICS/SCADA systems, industrial networking, wireless OT systems, and cybersecurity frameworks such as SANS ICS, IEC 62443, NIST 800-82, and CIS Controls — with proven experience in greenfield and brownfield deployments, OT modernization, and security integration projects

1. IT-OT Infrastructure & Operations

• Design, implement, and maintain secure IT-OT infrastructure ensuring reliability, performance, and cyber resilience.
• Provide expert technical support and resolve complex IT-OT integration and security issues to minimize downtime.
• Maintain a comprehensive asset inventory (wired, wireless, and IIoT) for visibility and configuration management.
• Act as a subject matter expert (SME) in OT security and infrastructure lifecycle management.

2. OT Cybersecurity Governance & Implementation

• Develop, implement, and enforce cybersecurity policies and standards in alignment with SANS, IEC 62443, NIST, and CIS frameworks.
• Conduct security assessments, audits, and compliance reviews across control networks and critical systems.
• Integrate IDS/IPS and SIEM solutions to monitor and detect OT-specific cyber threats.
• Utilize OT cybersecurity monitoring tools (e.g., Dragos, Nozomi, Claroty, Armis) for continuous threat visibility and anomaly detection.
• Use network and infrastructure monitoring platforms (e.g., SolarWinds, Zabbix, NetBrain) for performance tracking, topology mapping, and proactive incident management.
• Maintain measurable compliance and security posture reporting for enterprise and regulatory requirements.

3. Secure OT Migration & Deployment (Greenfield / Brownfield Projects)

• Lead secure OT migration initiatives for modernization or technology upgrades.
• Design greenfield OT environments with security integrated from concept to commissioning.
• Assess and retrofit brownfield environments, addressing vulnerabilities in legacy systems.
• Develop and execute migration roadmaps aligned with Purdue Model (Levels 0–5) for secure network segregation.
• Collaborate with engineering and operations teams to ensure secure deployment of new OT technologies.

4. Security Architecture & Purdue Model Segmentation

• Architect secure OT network topologies aligned with the Purdue Enterprise Reference Architecture (PERA).
• Implement network segmentation (zones and conduits) to isolate critical control systems and prevent lateral movement.
• Configure and deploy firewalls, VLANs, routers, and switches using Cisco, Palo Alto Networks, or equivalent solutions.
• Conduct network segmentation reviews to ensure compliance with IEC 62443 and enterprise policies.
• Develop and document zoning, conduit policies, and access controls for OT systems.

5. Wireless and IIoT Security

• Design and secure wireless OT communications (Wi-Fi, Bluetooth, LoRa, Zigbee, 4G/5G) used in IIoT and industrial telemetry.
• Implement wireless security controls such as 802.1X authentication, WPA3-Enterprise, and NAC.
• Perform wireless vulnerability assessments to detect rogue access points, weak encryption, or interference risks.
• Integrate wireless telemetry systems with enterprise SIEM and SOC platforms for unified visibility.

6. Threat, Risk, and Control Management

• Identify threats, vulnerabilities, and attack paths specific to industrial control systems and connected OT assets.
• Build security control libraries, design patterns, and reusable best practices mapped to industry standards.
• Evaluate and optimize existing controls and defense mechanisms to ensure a multi-layered security posture.
• Provide detailed configuration and deployment playbooks for consistent and secure implementation.

7. Integration, Collaboration & Continuous Improvement

• Collaborate with IT, OT, and engineering teams to align cybersecurity architecture with operational and business objectives.
• Identify and remediate security gaps in solution designs, ensuring effective risk management.
• Support integration of OT monitoring platforms with enterprise-level analytics and response systems.
• Demonstrate operational excellence and continuous improvement across all project phases and engagements.

Qualifications & Skills:

• Education: Bachelor’s or Master’s in Computer Science, Electrical, Electronics, or Industrial Engineering.
• Experience: 5–10 years in OT/ICS cybersecurity, network engineering, or industrial automation.

Certifications (Preferred):

• SANS GICSP, GRID, GIAC ICS Defender, GCIP
• CISSP, CISM, CEH, CompTIA Security+ / CySA+
• ISA/IEC 62443 Expert / Practitioner
• Cisco CCNP Security, Palo Alto PCNSE, CWSP / CWNA (for wireless OT)

Technical Competencies:

• Deep expertise in ICS/SCADA, DCS, and PLC systems (e.g., Siemens, Rockwell, Schneider).
• Proficient in industrial protocols (Modbus, DNP3, OPC-UA, Profinet, EtherNet/IP).
• Experience with network segmentation and Purdue Model architecture (Levels 0–5).
• Skilled in OT visibility and monitoring tools:
  • Dragos, Nozomi Networks, Claroty, Armis (for OT cybersecurity and asset discovery).
  • SolarWinds, Zabbix, NetBrain (for network performance monitoring and topology mapping).
• Hands-on experience with firewalls, IDS/IPS, SIEM, NAC, and VPNs in OT/industrial environments.
• Knowledge of wireless OT security, IIoT device hardening, and cloud-connected OT visibility.
• Familiar with risk management, threat modeling, and incident response for OT systems.

Soft Skills:

• Strong analytical and problem-solving mindset.
• Excellent communication and stakeholder coordination skills.
• Ability to balance security rigor with operational uptime.
• Commitment to security-by-design, documentation, and continuous improvement.

All qualified applicants will receive consideration for employment at PwC without regard to ethnicity; creed; color; religion; national origin; age; disability; neurodiversity; sexual orientation; gender identity or expression; marital; or any other status protected by law. PwC is proud to be an inclusive organization and equal opportunity employer. 

Travel Requirements

Not Specified

Job Posting End Date