IT Network & Cybersecurity Engineer

The Network & Cybersecurity Engineer is responsible for designing, securing, and maintaining the organization’s converged IT/OT network infrastructure across datacenters, corporate environments, and industrial sites. The role ensures high-availability operations for critical systems such as SCADA, DCS, RTUs, PLCs, historians, and enterprise platforms, while maintaining compliance with cybersecurity and governance frameworks (ISO 27001, NIST, IEC 62443).

This position collaborates closely with Operations, IT, OT, and Cybersecurity teams to implement robust network architectures, enforce security policies, and support digital transformation initiatives.

Key Responsibilities

1. Network Architecture & Operations (IT & OT)
2. Design, implement, and maintain IP-based networks across corporate, datacenter, and industrial environments.
3. Manage Layer 2/Layer 3 switching, VLAN segmentation, routing (OSPF/BGP), and network resiliency protocols (STP/RSTP/VRRP).
4. Support and optimize distributed networks across multiple sites, including WAN/MPLS/SD-WAN.
5. Implement and maintain datacenter routing and switching architectures.
6. Maintain virtualization infrastructure (VMware/Hyper-V and Nutanix).
7. Administer DNS/DHCP, NTP, and network core services.

8. Cybersecurity Architecture & Defense
9. Implement and manage enterprise and industrial firewalls (Palo Alto, Fortinet, Cisco, industrial DMZ firewalls).
10. Maintain SIEM systems (Azure Sentinel, QRadar, Splunk, etc.) including rule tuning, log ingestion, alerts, and threat detection.
11. Conduct vulnerability assessments, patching cycles, and hardening of devices (network, servers, OT).
12. Implement Zero Trust and defense-in-depth strategies.
13. Monitor for unauthorized changes, anomalous traffic, and cybersecurity events.

14. OT Network & SCADA Security
15. Support and secure Industrial Control Systems including SCADA, RTUs, PLCs, DCS, historians, OPC/OPC-UA servers.
16. Implement segmentation and demilitarized zones (IDMZ), enforcing IEC 62443 network zones & conduits.
17. Protect industrial protocols (Modbus, DNP3, IEC 61850, PROFINET, BACnet, HART, etc.).
18. Support secure remote access for vendors, OEMs, and contractors via PAM/MFA.
19. Ensure availability of critical OT communications and telemetry.

20. Compliance, Governance & ISO 27001
21. Maintain alignment with ISO 27001:2022, NIST CSF, IEC 62443, and SOC principles.
22. Support internal and external audits with evidence collection and documentation.
23. Contribute to Risk Registers, Change Request processes, and Security Exceptions.
24. Develop and update cybersecurity policies, SOPs, and configuration baselines.

25. Change Management & Documentation
26. Participate in ITIL-aligned service management (Incident, Problem, Change, Release).
27. Maintain accurate documentation: network diagrams, asset inventory, configs, runbooks.
28. Prepare and implement change controls for network and security modifications.
29. Conduct impact assessments and root cause analysis for service interruptions.

30. Infrastructure Support & Troubleshooting
31. Troubleshoot network, firewall, VPN, and cybersecurity issues end-to-end.
32. Support high-availability environments (HA firewalls, redundant links, clustered servers).
33. Perform configuration backups, change diffs, and system restore testing.
34. Provide Level 3 technical support for critical incidents.

Required Qualifications & Certifications

• Technical Certifications
• CCNA (mandatory)
• CCNP (preferred/mandatory depending on role level)
• CISSP (strongly preferred or in progress)
• IEC 62443 certifications (preferred)
• Additional beneficial certifications:
• Fortinet NSE 4–7
• Palo Alto PCNSA/PCNSE
• Microsoft AZ-500 or SC-200
• VMware VCP
• CompTIA Security+/CySA+

Education

Bachelor’s degree in computer engineering, IT, Cybersecurity, or related fields.

Experience Requirements

• 5–12+ years of experience in IT/Network Engineering, Cybersecurity, or OT/SCADA systems.
• Hands-on experience with distributed sites, datacenter networks, and industrial operations.
• Experience securing OT environments in Oil & Gas, Energy, Utilities, Manufacturing, or Industrial plants.
• Proven ability to configure and manage enterprise firewalls and SIEM tools.
• Experience with network monitoring tools (SolarWinds, PRTG, Zabbix, Nagios, etc.).
• Deep knowledge of TCP/IP stack, routing protocols, network segmentation, NAC.
• Strong experience with virtualization and backup systems.

Key Skills & Competencies

• Strong analytical and troubleshooting skills in hybrid IT/OT environments.
• Ability to translate field issues into network or cybersecurity root causes.
• Strong documentation and communication abilities.
• High attention to detail with strong security-first mentality.
• Ability to work under pressure in production and critical site environments.
• Team-oriented with cross-functional collaboration across Engineering, OT, and IT.

Optional/Preferred Skills

• Knowledge of Azure, Microsoft 365 security stack, conditional access, identity governance.
• Familiarity with SASE/SD-WAN, NAC (Cisco ISE or FortiNAC).
• Experience with configuration automation (Ansible, Python scripting).
• Familiarity with DR/BCP planning and resilient architecture.
• Experience conducting cybersecurity awareness sessions for staff.