OT/ICS Security Architect

Dragonfli Group
15 hours ago
Full-time
On-site
Houston, Texas, United States
Security/Public Safety - Police & Fire Safety

Dragonfli Group is a cybersecurity and IT consulting firm based in Washington, DC, serving both federal agencies and large commercial enterprises. We specialize in delivering mission-focused security solutions that help organizations safeguard critical systems, protect sensitive data, and enable resilient digital transformation.


We are seeking an OT/ICS Cybersecurity Architect to join our consulting practice in support of a large commercial enterprise. This is a fully on-site role. Candidates must be willing to work on-site 5 days per week in Houston, Texas.


In this role, you will:

  • Serve as the trusted security architect guiding industrial organizations through the complexities of Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity.
  • Lead the design and implementation of secure architectures for SCADA, DCS, and PLC-based environments, ensuring safe, resilient, and compliant industrial operations.
  • Partner with cross-functional IT and OT teams to close security gaps, integrate tools, and align operational risk management with industry standards such as NIST 800-82 and IEC 62443.
  • Deploy and optimize leading security solutions including Claroty for asset discovery and vulnerability management, Palo Alto and Cradlepoint for secure networking, CrowdStrike for monitoring, BeyondTrust for privileged access, and Splunk/ServiceNow for visibility and incident management.
  • Conduct consequence-based risk assessments, oversee vulnerability remediation programs, and ensure readiness for regulatory audits.
  • Drive incident response preparedness by creating OT-specific playbooks and coordinating joint exercises across IT and OT teams.
  • Deliver policies, training, and workshops that empower plant operators, engineers, and third-party vendors to uphold a strong cybersecurity posture.


This is an intermediate consulting position requiring both deep technical knowledge and strong leadership skills. The ideal candidate will have 7–10+ years of hands-on OT/ICS cybersecurity experience, demonstrated expertise in designing secure architectures, and the ability to communicate effectively with executives, engineers, and client stakeholders alike.


Key Responsibilities:


OT/ICS Security Architecture & Design

  • Lead the design and implementation of OT/ICS cybersecurity architectures, including network segmentation, secure remote access, and integration with IT security controls.
  • Develop and document security reference architectures, blueprints, and roadmaps tailored to client environments and industry standards (e.g., NIST 800-82, IEC 62443).
  • Evaluate, select, and deploy OT/ICS cybersecurity technologies, with hands-on experience in:
      • Claroty for OT asset discovery and vulnerability management
      • Palo Alto and Cradlepoint for firewall configuration, segmentation, and secure connectivity
      • CrowdStrike for OT monitoring and threat detection
      • BeyondTrust for privileged secure remote access management
      • Familiarity with other vendor tools such as Cisco (network security), ServiceNow (ticketing and workflow integration), Splunk (SIEM/log analytics), CrowdStrike (Falcon Discover for IoT) and TxOne (OT endpoint protection)
  • Conduct security acceptance testing and validation of new or updated OT systems to ensure compliance with security requirements and industry best practices.


Risk Assessment & Vulnerability Management

  • Perform consequence-based risk assessments for OT environments, utilizing methodologies such as Cyber Process Hazards Analysis (Cyber PHA) to identify, analyze, and prioritize cyber risks.
  • Lead vulnerability management efforts for OT/ICS assets, including the use of Claroty for vulnerability identification, risk scoring, and remediation planning.
  • Support clients in achieving regulatory compliance and readiness for audits related to OT/ICS cybersecurity.

Incident Response & Monitoring

  • Design and implement OT/ICS security monitoring solutions, leveraging tools such as CrowdStrike for endpoint and network monitoring, and Splunk for log aggregation and analytics.
  • Collaborate with IT and OT teams to develop and test incident response plans specific to industrial environments.
  • Integrate monitoring and alerting workflows with ServiceNow for streamlined incident management.


Governance, Policy, and Training

  • Develop and update OT/ICS cybersecurity policies, standards, procedures, and job aids.
  • Deliver training and awareness programs for client personnel, including plant operators, engineers, and third-party vendors.
  • Advise clients on governance frameworks and best practices for OT/ICS cybersecurity program development and maturity assessments.


Client Engagement & Leadership

  • Serve as a subject matter expert in client meetings, workshops, and presentations, especially regarding the deployment, integration, and optimization of OT/ICS security tools.
  • Lead project teams, mentor junior staff, and contribute to business development activities such as proposal writing and solution development.
  • Stay current on emerging OT/ICS threats, vulnerabilities, and technologies, and share insights with clients and internal teams.

Required Qualifications

  • Bachelor’s degree in Engineering, Computer Science, Information Security, or related field.
  • 7+ years of experience in OT/ICS cybersecurity, including hands-on experience with industrial control systems (e.g., SCADA, DCS, PLCs) in sectors such as oil & gas, energy, utilities, or manufacturing.
  • 4+ years of demonstrated experience designing and implementing OT/ICS security architectures and controls using tools such as Claroty, Palo Alto, Cradlepoint, CrowdStrike, BeyondTrust PRA, and familiarity with Cisco, ServiceNow, Splunk, and TxOne.
  • Willingness to work on-site 5 days a week in Houston, Texas.



Preferred Qualifications

  • Advanced degree preferred.
  • Professional certifications such as GICSP, CISSP, CISM, ISA/IEC 62443, or equivalent.
  • Strong knowledge of OT/ICS protocols (e.g., Modbus, DNP3, OPC, Profibus), network architectures, and common vulnerabilities.
  • Experience with cloud-based OT/ICS security solutions and IT/OT convergence initiatives.
  • Experience with OT/ICS cybersecurity technologies for asset discovery, vulnerability management, network monitoring, endpoint protection, and privileged access management.
  • Familiarity with industry standards and frameworks (e.g., NIST 800-82, IEC 62443, NERC CIP).
  • Experience conducting risk assessments, vulnerability management, and incident response in OT environments.
  • Strong communication skills, with the ability to present complex technical concepts to both technical and non-technical audiences.
  • Demonstrated leadership in project delivery and client engagement.
  • Prior consulting experience with a focus on critical infrastructure or industrial sectors.
  • Experience developing and delivering OT/ICS cybersecurity training programs.


Technical Core Competencies

  • OT/ICS Architecture Design: Expert knowledge of SCADA, Distributed Control Systems (DCS), and Programmable Logic Controllers (PLCs).
  • Network Segmentation: Expertise in the Purdue Model, DMZ design, and industrial firewall configuration.
  • Industrial Protocols: Deep understanding of Modbus, DNP3, OPC, Profibus, and EtherNet/IP.
  • Risk Assessment Methodologies: Experience with Cyber PHA (Process Hazards Analysis) and consequence-based risk modeling.
  • Standards & Frameworks: Mastery of IEC 62443, NIST SP 800-82, and NERC CIP.
  • Security Validation: Hands-on experience with security acceptance testing (SAT) for industrial environments.


Specific Toolset Proficiency

  • Asset Discovery & Vulnerability Management: Claroty (Expert Level), TxOne.
  • Network Security: Palo Alto Networks, Cradlepoint, Cisco.
  • Detection & Monitoring: CrowdStrike (Falcon Discover/IoT), Splunk (SIEM).
  • Access Management: BeyondTrust Privileged Remote Access (PRA).
  • IT/OT Integration: ServiceNow (Workflow/Incident Management integration).


  • Insurance - health, dental, and vision
  • 11 Federal Holidays & PTO
  • 401k and employer match