OT Security Architect / Consultant

A senior, customer‑oriented OT Security Architect / Consultant with strong expertise in industrial cybersecurity, secure architecture design, and advisory services for complex industrial environments.

Core Responsibilities

OT Security Consulting & Advisory

Act as a trusted advisor for customers on OT cybersecurity topics:

• Assess customer OT environments, cybersecurity maturity, and operational risks
• Support customers in defining OT cybersecurity strategies and roadmaps
• Conduct workshops, technical assessments, and advisory sessions
• Identify security gaps and propose realistic mitigation strategies
• Help customers balance cybersecurity, operational continuity, maintainability, and budget constraints
• Provide guidance aligned with industrial best practices and regulatory requirements

Support customers in areas such as:

• OT network segmentation and zoning
• Secure remote access
• OT visibility and monitoring
• OT/IT convergence
• Asset inventory and risk management
• OT governance and cybersecurity maturity improvement

OT Security Architecture & Design

Design and define secure OT architectures for industrial environments, including:

• Network segmentation aligned with Purdue / IEC 62443
• Secure connectivity between OT, IT, DMZ, cloud, and remote systems
• Firewall placement and rule design concepts
• Industrial network topologies and trust boundaries
• Secure infrastructure layouts for OT servers, applications, and virtualization platforms
• High‑availability and operational continuity considerations

Produce:

• Architecture diagrams and technical documentation
• High‑level and detailed technical designs
• Security recommendations and remediation plans
• Technical standards and reference architectures

Risk Assessments & Compliance

Lead or support OT cybersecurity assessments, including:

• OT risk assessments
• Security posture reviews
• Architecture reviews
• Gap analyses against IEC 62443 or customer standards
• Security improvement recommendations

Support customers in:

• Defining remediation roadmaps
• Prioritizing mitigation actions
• Improving OT cybersecurity governance
• Aligning with cybersecurity frameworks and standards

Technical Governance & Standards

Define and promote OT security best practices and architectural standards:

• Ensure alignment with IEC 62443 and Purdue principles
• Review and validate OT security designs and technical approaches
• Support internal engineering teams with architectural guidance
• Contribute to reusable methodologies, templates, and design patterns
• Participate in internal capability development and knowledge sharing

Pre‑Sales & Customer Engagement Support

Support pre‑sales and business development activities from a technical perspective:

• Participate in customer meetings and technical workshops
• Help define solution scope and technical assumptions
• Support proposal creation and effort estimation
• Translate customer requirements into realistic technical solutions
• Provide architecture guidance during bid and discovery phases

Act as the technical bridge between:

• Customers
• Sales teams
• Delivery teams
• OT engineers
• IT cybersecurity teams

Collaboration & Leadership

Work closely with:

• OT security engineers
• Automation and control system specialists
• IT security teams
• Project managers
• Sales and account teams
• External partners and technology vendors

Provide:

• Technical leadership during architecture and consulting activities
• Mentorship for junior engineers or consultants
• Guidance during critical project phases
• Support during audits, design reviews, and customer escalations

Required Technical Expertise

Strong expertise in OT cybersecurity and industrial networking, including:

• SCADA, PLCs, DCS, and industrial communication protocols
• Purdue model and IEC 62443 concepts
• Network segmentation and zoning
• Firewall and DMZ architecture principles
• Secure remote access solutions
• OT monitoring and asset visibility solutions
• Industrial network design and restructuring
• OT/IT integration concepts

Hands‑on or design‑level experience with:

• Fortinet solutions
• Cisco industrial networking
• Palo Alto firewalls
• Nozomi Networks or similar OT monitoring platforms
• Active Directory in hybrid IT/OT environments
• Virtualization and server infrastructure concepts

Good understanding of:

• Continuous monitoring technologies
• Industrial operational constraints
• Risk management methodologies
• Secure architecture principles

Soft Skills & Mindset

• Strong analytical and problem‑solving mindset
• Able to understand both technical and operational realities
• Excellent communication and consulting skills
• Comfortable engaging with technical and non‑technical stakeholders
• Pragmatic and solution‑oriented approach
• Structured thinker with strong documentation capabilities
• Collaborative and team‑oriented mindset
• Able to influence decisions through expertise and credibility
• Customer‑focused and business‑aware

Language & Location (France)

• French: native or near-native level (mandatory)
• English: professional working proficiency (mandatory)
• Preferred location: Lyon or nearby

Availability for occasional travel within France and Europe is expected.

Equal Opportunity Employment

AG Solution is an Equal Opportunity Employer.