OT Network Security Architect/SME

Posted 1 day ago by Project Recruit

Negotiable
Undetermined
Hybrid
Birmingham, UK

Summary: The role of OT Network Security Architect/SME involves designing secure and scalable network solutions for Operational Technology (OT) environments, focusing on Zero Trust delivery programs. The position is hybrid, requiring attendance at the Coventry office 2-3 days a week, and is a temporary contract lasting over 6 months. The architect will engage in both strategic and hands-on governance of OT network initiatives. The role demands a strong background in network architecture and security practices within enterprise and OT contexts.

Salary (Rate): undetermined

City: Coventry

Country: UK

Working Arrangements: hybrid

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

OT Network Security Architect/SME

Our client, a leading global supplier for IT services, requires an experienced OT Network Security Architect/SME to be based at their client's office in Coventry, UK.

This is a hybrid role: you can work remotely in the UK and attend the Coventry office 2-3 days per week.

This is a 6+ month temporary contract to start ASAP.

Day rate: Competitive Market rate

This role is dedicated to supporting OT Zero Trust delivery programmes by designing secure, scalable network and security solutions across on-premises, hybrid, and multi-cloud environments. The role will involve both strategy and hands-on architectural governance, supporting Operational Technology (OT) network initiatives.

Key Responsibilities:

Network Architecture Design & Implementation:

  • Update and modernise OT site network architecture, including the removal of unmanaged switches
  • Develop and maintain up-to-date site network drawings
  • Assess technology hosting capability across updated network environments
  • Select and design network segmentation tools and deploy them across relevant sites
  • Map existing networks and data flows to inform segmentation and security strategies
  • Define protect surfaces for critical assets within the OT network
  • Design and govern the rollout of OT Next-Generation Firewalls, including selection, trials, and phased implementation
  • Implement DNS security enhancements across the organisation

Access Control & Zero Trust Security:

  • Select, trial, and implement Operational Technology (OT) Network Access Control tools
  • Lead phased rollouts of Network Access Control, including integration with updated site networks
  • Write strategic decision papers on Secure Service Edge (SSE) for leadership review and approval
  • Select, design, and deploy Zero Trust Network Access (ZTNA) and Remote Browser Isolation (RBI) capabilities
  • Oversee ZTNA implementation specifically for VPN access scenarios

Security Monitoring & Telemetry:

  • Oversee Claroty Phase 2 rollout, including deployment of new telemetry sensors at Critical National Infrastructure (CNI) OT sites
  • Ensure telemetry solutions align with architectural governance standards and Zero Trust Architecture

Architectural Governance & Strategy:

  • Produce High-Level Designs (HLDs) and Low-Level Designs (LLDs) aligning with business and security requirements
  • Provide solution costing and budget estimates
  • Present and defend designs to governance bodies (e.g., Design Authority)
  • Provide architectural governance and assurance throughout delivery phases
  • Act as a subject matter expert and advisor to internal delivery teams

Key Requirements:

  • Proven experience in enterprise and OT network architecture
  • Expertise in hybrid cloud environments and multi-cloud network design
  • Experience with network segmentation strategies and tools
  • Strong background in Next-Generation Firewall (NGFW) design and implementation
  • Experience designing and deploying NAC and ZTNA solutions
  • Familiarity with Secure Service Edge (SSE) and Remote Browser Isolation (RBI) concepts
  • Understanding of DNS security best practices
  • Knowledge of telemetry and security monitoring tools, including solutions like Claroty
  • Experience with architectural governance processes

Desirable:

  • CCNP, CCIE, CISSP
  • Extensive experience on Palo Alto, FortiGate or Checkpoint firewalls
  • Knowledge of NIS-R framework and Zero Trust
  • Familiarity with Water/Utilities sector and Critical National Infrastructure
  • Understanding of Purdue Model and typical OT systems such as PLC/HMI/SCADA

Due to the volume of applications received, unfortunately we cannot respond to everyone.

If you do not hear back from us within 7 days of sending your application, please assume that you have not been successful on this occasion.

Please do keep an eye on our website for future roles.