OT Cybersecurity Engineer

OT Cybersecurity Engineer

Job Description

Hybrid--60% remote but 40% on site, so must be local.

Job Description

Contractor will support delivery and implementation across Industrial Cybersecurity Services Portfolios including:

Plant Security Services: Security Assessments, Industrial Security Consulting, Remote Industrial Operations Services (RIOpS)
Network Security Services: Industrial Next Generation Firewall, Industrial DMZ Infrastructure, Remote Platform SaaS (cRSP)
System Integrity Services: Endpoint Protection, Vulnerability Services (incl. Vilocify + PoC), Patch Management, Backup & Restore

Responsibilities (TBD, needs refinement):

Execute industrial/OT security assessments (site/remote) including asset inventory validation, risk findings, and actionable remediation plans aligned to customer environments (plant/line/cell, ICS/SCADA).
Design and implement network security controls: segmentation approach, Industrial DMZ patterns, firewall policy/ruleset development, and OT/IT integration hardening for industrial networks.
Support remote operations enablement (RIOpS / cRSP): define secure remote access patterns, operational runbooks, monitoring/incident handling procedures, and customer handover artifacts.
Deliver system integrity services: endpoint protection rollout support, vulnerability scanning coordination (Vilocify services + PoC support), patching strategy and execution planning, and backup/restore validation.
Produce customer-ready deliverables (assessment reports, architectures, implementation plans, as-builts, and SOPs) and contribute to standard Client playbooks/templates for repeatability.


Qualifications
Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or equivalent practical experience.
5+ years cybersecurity experience with 3+ years in OT/industrial environments (manufacturing, utilities, energy, etc.).
Proven experience with ICS/OT architectures and security controls (segmentation, remote access, jump hosts, logging/monitoring).
Familiarity with common OT security frameworks/standards (e.g., IEC 62443 / NIST concepts) and translating them into practical controls.
Hands-on firewall and segmentation experience (policy design, NAT, VPN, routing, rule lifecycle, troubleshooting).
DMZ design/implementation experience for industrial environments.
Endpoint protection deployment support and troubleshooting.
Vulnerability assessment lifecycle (scan planning, validation, triage, remediation guidance, reporting); ability to support Vilocify-based engagements and PoCs.
Strong customer-facing consulting skills: requirements capture, clear documentation, executive-level readouts, and tight project coordination.
Ability to work independently, manage priorities, and collaborate across sales/delivery/engineering.


Nice to have (not required)
Relevant certifications (e.g., CISSP / GICSP / Security+ / vendor firewall certs).


Notes:
Mon–Fri, office hours (align to project/customer). Occasional off-hours support may be needed for patching/cutovers
Driving license required - Yes as travel to sites is expected

Hybrid--60% remote but 40% on site

VIVA is an equal opportunity employer. All qualified applicants have an equal opportunity for placement, and all employees have an equal opportunity to develop on the job. This means that VIVA will not discriminate against any employee or qualified applicant on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status