Network Security Architect

Job Title: Network Security Architect
Location: Houston, TX (Remote eligible)
Job Type: Direct Hire

Responsibilities:

1. Design network architecture (Datacenter, Cloud, On-Prem, Field and OT).
2. Plan, design, and implement IT cybersecurity protection solutions.
3. Plan, design, and implement OT cybersecurity protection solutions.
4. Perform engineering, design, and implementation of OT security solutions and products, including architecture reviews, vendor engagement, product evaluation, implementation, configuration, and testing.
5. Provide engineering support, product management, lifecycle management, and solution architecture for OT security capabilities such as network security, threat and anomaly detection, vulnerability management, endpoint detection and response.
6. Collaborate with other stakeholders to ensure the architecture is aligned with business requirements.
7. Create the documentation artifacts of the architecture.
8. Work with Infrastructure, Enterprise Applications, DevOps, Development Engineering, other domain architects, and internal stakeholders to identify the best solutions for known and anticipated constraints.
9. Be the trusted technical advisor to Infrastructure, Enterprise Applications, and DevOps teams.
10. Perform design and reviews with peers and stakeholders.
11. Look for problems within the platform and its integrations and work to resolve issues.
12. Ensure the architecture supports business processes and technologies.
13. Participate in incident response activities, including investigating security incidents, analyzing root causes, and coordinating remediation efforts.
14. Conduct regular vulnerability assessments and penetration tests on systems and networks, identify weaknesses, and recommend security improvements.
15. Implement and manage security controls specifically tailored to protect critical infrastructure assets in the oil and gas sector.
16. Perform risk assessments and develop risk mitigation strategies to protect against cyber threats that could impact the safety and reliability of daily operations.
17. Promote a culture of cybersecurity awareness and best practices among employees and contractors working in the oil and gas sector.
18. Design, manage, and configure security tools and technologies relevant to the protection of critical infrastructure.

Qualifications:

• 5+ years of experience in network security engineering, specifically with data center networking and cloud architecture.
• 3+ years of experience designing and implementing ICS/OT systems.
• Moderate/Expert level understanding of IT-OT convergence, Purdue Model, IDMZ concepts, network technologies, systems, and concepts.
• Knowledge of ICS / SCADA System Security (design, controls).
• Strong understanding of OT network communication protocols (e.g., Ethernet/IP, CIP, Modbus, OPC, etc.) and industrial networking topologies.
• Experience working with cloud-based network infrastructures, such as AWS / Azure / GCP, including AWS Direct Connect and Azure Express Route.
• Experience with Infrastructure as Code, CI/CD, and tools for orchestration and configuration.
• Demonstrated experience with network protocols (BGP, OSPF, MPLS, VPLS, VRRP, GLBP, etc.).
• Experience deploying Cloud/SDN/SD-WAN technologies.
• Deep understanding of cloud security concepts, tools, and their integration with multimedia applications.
• Experience with next-generation firewall technology (Palo Alto, Cisco, Juniper, etc.).
• Demonstrated experience with Cloud Security.
• Deep understanding of industrial control systems (ICS), PLCs, and SCADA environments.
• Proficiency in deploying and configuring OT cybersecurity solutions.
• Familiarity with industry standards and regulations related to critical infrastructure protection.
• Strong documentation and diagramming skills ensure that all network topologies are accurately documented and recorded.
• Experience working with Ticking Systems and Change Control process adherence.
• Excellent analytical, interpersonal, and communication skills with the ability to communicate complex technical issues in an easy-to-understand manner at all levels of the organization.
• Knowledge of IDS / IPS, QoS, and traffic shaping policies and techniques.
• Knowledge of IoT protocols, standards, and technologies.
• Understanding of Cloud connectivity partners (Megaport, Equinix, Cloud Exchange, etc.).
• Self-starter with strong organizational and time management skills, working within demanding timeframes.
• Ability to work collaboratively with colleagues and staff to create a high-quality, results-driven, team-oriented environment.
• Demonstrated ability to use discretion, make sound decisions, and maintain confidentiality.
• Ability to handle high-pressure situations in a productive and professional manner.
• Strong analytical and problem-solving skills.

Nice to Have:

• Microsoft Certified: Azure Solutions Architect Expert.
• Cisco Certified Network Professional (CCNP).
• Cisco Certified Internetwork Expert (CCIE) / Cisco Certified Design Expert (CCDE).
• OT/ICS cybersecurity relevant accreditations such as GISCP, Certified SCADA Security Architect (CSSA), ISA/IEC62443 cybersecurity certificates.