Position: OT Cybersecurity Engineer – Purdue Level 1/2 Zoning & Firewall Design
Location: Baton Rouge, LA
Role Overview:
We are seeking a highly skilled Operational Technology (OT) Cybersecurity Engineer with deep
expertise in industrial control system (ICS) security architecture, focusing on Purdue Model
Level 1 and Level 2 zoning, firewall configuration, and secure network segmentation within
complex refinery and chemical processing environments. The ideal candidate will possess
hands-on experience designing and implementing OT cybersecurity zones and controls that
comply with NIST 800-82, ISA/IEC 62443, and other industry best practices. This role requires
both technical acumen and the ability to perform detailed on-site assessments, vulnerability
analysis, and operational risk mitigation in highly secure industrial facilities.
Key Responsibilities:
OT Network Security Architecture & Firewall Design
• Develop and implement Purdue Model Level 1/2 network zones including secure
segmentation of ICS devices (PLCs, HMIs, RTUs) from enterprise IT systems.
• Build, review, and maintain detailed firewall rulesets using vendor platforms such as
Palo Alto, Fortinet, ensuring least privilege access and protocol whitelisting.
• Design and deploy DMZs, data diodes, and read-only gateways to enable secure one-
way data flow between OT and IT domains, preventing lateral movement of threats.
• Collaborate with network and OT engineers to design resilient, redundant, and fail-safe
architectures in compliance with industry standards.
Onsite Security Assessments & Asset Discovery
• Conduct comprehensive plant walkthroughs to assess OT network topology, device
configurations, and physical security controls.
• Perform asset discovery and classification using tools like Tenable OT, Dragos, or other
ICS vulnerability scanners.
• Identify and document vulnerabilities, risks, and compliance gaps, producing actionable
reports and mitigation plans for OT teams.
• Work closely with process and maintenance personnel to align cybersecurity initiatives
with operational requirements and constraints.
Automation, Monitoring & Incident Response
• Develop and maintain PowerShell and Python scripts for automated log monitoring,
anomaly detection, and incident alerting across OT infrastructure.
• Integrate log sources into Security Information and Event Management (SIEM) platforms
while ensuring OT-specific telemetry is correctly interpreted.
• Support incident response efforts by performing root cause analysis and remediation for
OT-related cybersecurity events.
Compliance & Standards Alignment
• Apply NIST 800-82, ISA/IEC 62443, CISA energy sector guidelines, and other relevant
cybersecurity frameworks to ensure regulatory compliance.
• Prepare and maintain technical documentation including firewall policies, network
diagrams, asset inventories, and cybersecurity policies tailored for OT environments.
• Liaise with third-party auditors and regulators during cybersecurity audits and
assessments.
Must-Have Qualifications & Skills:
• Minimum 10+ years of experience in industrial control system (ICS) cybersecurity,
specifically within energy, oil & gas, or chemical sectors.
• Proven track record designing and implementing Purdue Model Level 1 and 2 zones,
secure firewall configurations, and DMZ architectures in OT environments.
• Expertise configuring and managing firewalls and network security appliances from
Palo Alto, Fortinet, or equivalent platforms in ICS/OT settings.
• Hands-on experience with asset discovery and vulnerability assessment tools such as
Tenable OT, Dragos, Claroty, or Nozomi.
• Proficient in PowerShell and Python scripting for automation of security monitoring and
operational controls.
• Strong understanding of ICS protocols (Modbus, DNP3, OPC-UA) and OT network
architectures.
• Excellent communication skills for cross-team collaboration and report writing.
• TWIC Card strongly preferred for secure site access.
Preferred Skills & Certifications:
• Certifications such as GICSP (Global Industrial Cyber Security Professional), ISA/IEC
62443 Cybersecurity Expert, CISSP, or CEH.
• Familiarity with SIEM tools like Splunk, QRadar, or ArcSight integrated with OT telemetry.
• Experience with ICS Incident Response, digital forensics in OT environments, and
industrial malware detection techniques.
• Prior experience working with similar large energy/refining companies.
...Certification (or willingness to obtain) Management experience in the tree care industry experience preferred Successful candidates will... ...Business management as well as knowledge of General Tree Care, Plant Health Care or Lawn Care is preferred Why You Might Love...
...while advancing your career in a rewarding environment. This is a fully remote position, offering the flexibility to work from the location of your choice. As our Remote Administrative Assistant, you will be the first point of contact for our patients, providing...
...has an exciting opportunity for a mid-level Composite Design Engineer. This position is located at our San Diego, CA location and reports... ...company dedicated to providing innovative solutions for aerospace and defense customers. Position Summary: The Composite Design...
...all related tasks associated with their assigned application(s). The Credentialed Trainer works with the Principal Trainers, Clinical Informatics Analysts, Clinical Informaticists, Health System leaders and Education to assure end users can use the system. They identify...
Job Description Job Description Benefits: ~ Paid time off JOB DUTIES INCLUDE: SETUP AND OPERATE CNC DRILLING AND MILLING MACHINE. KNOLEDGE OF G AND M CODES HELPFUL. ON JOB TRAINING AVAILABLE.