Job Title: Senior OT Network Architect
Position Type: Contract
Location: Manassas, VA (Onsite Role)
Job Description:
Architecture & Design
Design and implement a segmented OT network architecture transitioning from flat Layer 2 networks to SD-WAN-enabled, zone-based architectures.
Define network segmentation strategy (ISA/IEC 62443 zones and conduits model) to isolate critical OT assets and control east-west traffic.
Engineer ring and/or resilient topologies across substations and core OT sites to ensure deterministic communication and fault tolerance.
Develop SD-WAN design standards including:
Underlay/overlay architecture
Path selection policies (latency, jitter, packet loss)
QoS for ICS protocols (e.g., DNP3, Modbus, IEC 61850)
Security & Compliance
Develop and enforce OT-specific cybersecurity controls, including micro-segmentation, firewall zoning, and least-privilege access.
Define and implement firewall policies to restrict inter-zone communication and prevent unauthorized access to OT systems.
Conduct risk and vulnerability assessments aligned with OT threat models (ransomware, lateral movement, supply chain risks).
Ensure compliance with NERC CIP standards and other applicable frameworks.
Implementation & Operations
Lead deployment of SD-WAN solutions across OT sites, including integration with existing switching infrastructure (e.g., industrial-grade switches).
Configure and maintain high availability mechanisms:
Redundant paths and failover (active/active or active/standby)
Rapid spanning tree / ERPS / MPLS-TP where applicable
Support incident response and root cause analysis for OT network disruptions.
Manage projects and deliver on time with periodic status reports to management.
Basic Qualifications
10+ years of experience in network design and architecture, preferably in OT environments.
Experience with industrial protocols (e.g., Modbus, DNP3, OPC, Ethernet/IP).
Familiarity with IT/OT convergence principles.
Desired Skills
Strong understanding of networking concepts, including routing, switching, and firewall configurations.
Proficiency in network monitoring and management tools.
Knowledge of cybersecurity best practices for OT networks.
Experience with industrial control systems (ICS) and SCADA systems.
Minimum Technical Experience
Knowledge of design, configuration, installation, testing, and maintenance of local and wide area computer wired and wireless networks (Cisco Systems preferred).
Knowledge of computer network characteristics, network operating system software, and network components
Troubleshooting skills and the ability to diagnose/resolve network system problems.
Ability to interpret and apply complex technical manuals and reference materials.
Ability to assist with developing network security and related procedures; and performing network management activities.
Education Requirements
Bachelor’s degree in computer science, computer networks, or a related field.
Certification in related fields (CCNA, CCNP) required. Security and Cisco Certified Internetwork Expert (CCIE), and experience in Extreme network switches is a plus.