W2 only - Senior OT Network Security Architect

Job Title: Senior OT Network Architect

Location: Manassas, VA (Onsite – 5 days in a week)

Position Type: Contract position

Responsibilities:

Job Description:

Architecture & Design:

• Design and implement a segmented OT network architecture transitioning from flat Layer 2 networks to SD-WAN-enabled, zone-based architectures.
• Define network segmentation strategy (ISA/IEC 62443 zones and conduits model) to isolate critical OT assets and control east-west traffic.
• Engineer ring and/or resilient topologies across substations and core OT sites to ensure deterministic communication and fault tolerance.
• Develop SD-WAN design standards including:
• Underlay/overlay architecture
• Path selection policies (latency, jitter, packet loss)
• QoS for ICS protocols (e.g., DNP3, Modbus, IEC 61850)

Security & Compliance:

• Develop and enforce OT-specific cybersecurity controls, including micro-segmentation, firewall zoning, and least-privilege access.
• Define and implement firewall policies to restrict inter-zone communication and prevent unauthorized access to OT systems.
• Conduct risk and vulnerability assessments aligned with OT threat models (ransomware, lateral movement, supply chain risks).
• Ensure compliance with NERC CIP standards and other applicable frameworks.

Implementation & Operations:

• Lead deployment of SD-WAN solutions across OT sites, including integration with existing switching infrastructure (e.g., industrial-grade switches).
• Configure and maintain high availability mechanisms:
• Redundant paths and failover (active/active or active/standby)
• Rapid spanning tree / ERPS / MPLS-TP where applicable
• Support incident response and root cause analysis for OT network disruptions.
• Manage projects and deliver on time with periodic status reports to management.

Basic Qualifications:

• 10 years of experience in network design and architecture, preferably in OT environments.
• Experience with industrial protocols (e.g., Modbus, DNP3, OPC, Ethernet/IP).
• Familiarity with IT/OT convergence principles.

Desired Skills:

• Strong understanding of networking concepts, including routing, switching, and firewall configurations.
• Proficiency in network monitoring and management tools.
• Knowledge of cybersecurity best practices for OT networks.
• Experience with industrial control systems (ICS) and SCADA systems.

Minimum Technical Experience:

• Knowledge of design, configuration, installation, testing, and maintenance of local and wide area computer wired and wireless networks (Cisco Systems preferred).
• Knowledge of computer network characteristics, network operating system software, and network components
• Troubleshooting skills and the ability to diagnose/resolve network system problems.
• Ability to interpret and apply complex technical manuals and reference materials.
• Ability to assist with developing network security and related procedures; and performing network management activities.

Education Requirements:

• Bachelor’s degree in computer science, computer networks, or a related field.
• Certification in related fields (CCNA, CCNP) required. Security and Cisco Certified Internetwork Expert (CCIE), and experience in Extreme network switches is a plus.