Principal Engineer - Operational Technology Network Security

The Principal Engineer, provides strategic and technical leadership for securing Cencora's operational technology, industrial control systems, distribution center technologies, building automation systems, warehouse automation environments, and other network-connected OT assets. This role designs, implements, and governs secure OT network architectures that support resilient operations, reduce cyber risk, and align with enterprise security standards, regulatory expectations, and business continuity requirements.

The Principal Engineer serves as a subject matter expert for OT network segmentation, secure remote access, industrial network monitoring, vulnerability management, incident response, and security control implementation across complex hybrid environments. The role partners closely with Information Security, Infrastructure, Network Engineering, Facilities, Distribution Operations, Engineering, vendors, and business leaders to ensure security controls are practical, sustainable, and aligned to operational needs.

Primary Responsibilities:

• Provides technical leadership for OT network security strategy, architecture, standards, and roadmap development across operational environments, including distribution centers, automation platforms, industrial control systems, IoT/IoT devices, facilities systems, and supporting network infrastructure.

• Designs and leads implementation of secure OT network architectures using principles such as Purdue Model segmentation, zero trust, defense-in-depth, secure zones and conduits, least privilege, and controlled connectivity between IT, OT, cloud, and vendor-managed environments.

• Plans and leads upgrades to OT network security measures and tools to protect operational systems, networks, and connected assets while minimizing disruption to safety, quality, availability, and business operations.

• Analyzes trends, threat intelligence, vulnerabilities, regulatory expectations, and changes in the OT and industrial cybersecurity landscape; advises leadership on organizational risk and recommends mitigation strategies.

• Develops, refines, and implements OT security policies, standards, procedures, reference architectures, and technical patterns aligned to frameworks such as ISA/IEC 62443, NIST SP 800-82, NIST Cybersecurity Framework, ISO 27001, and applicable compliance requirements.

• Leads OT network segmentation initiatives, including firewall rule governance, access control, network access control, secure routing, remote access hardening, jump host architecture, micro-segmentation, and monitoring of traffic between IT and OT environments.

• Partners with network administrators, system administrators, facilities teams, automation engineers, and third-party vendors to ensure OT networks, servers, endpoints, controllers, network devices, and security technologies conform to approved security standards.

• Provides technical guidance for OT asset discovery, inventory management, vulnerability management, configuration baselines, patch risk assessment, compensating controls, and lifecycle planning for systems with operational or vendor constraints.

• Contributes to response activities for OT security incidents, including triage, investigation, containment, eradication, recovery, root cause analysis, lessons learned, and coordination with enterprise incident response teams and third-party responders.

• Formulates methodologies to monitor, detect, analyze, and respond to OT network security events; supports the integration of OT telemetry into SIEM, SOAR, network detection and response, vulnerability management, and enterprise cyber operations processes.

• Provides technical oversight for security controls in the acquisition, design, development, change management, and deployment lifecycle for OT systems, warehouse automation technologies, network-connected equipment, and third-party-managed platforms.

• Reviews technical and functional design documents, network diagrams, firewall requests, connectivity patterns, vendor proposals, and implementation plans to identify security risks and recommend practical remediation actions.

• Coordinates with senior technical leaders across Information Security, Infrastructure, Network Engineering, Cloud, Facilities, Distribution Operations, and Enterprise Architecture to design and implement resilient security solutions that protect physical and intangible assets.

• Provides technical guidance, coaching, and mentorship to engineers and analysts supporting OT security, network security, cyber operations, vulnerability management, and incident response activities.

• Maintains and contributes to service-level expectations, operational procedures, and governance processes to ensure OT security controls remain effective, measurable, and supportable.

• Communicates advanced OT and information security concepts clearly to technical teams, business leaders, vendors, auditors, and executive stakeholders.

• Develops metrics, KPIs, risk insights, remediation progress, and executive-level summaries related to OT network security posture.

• Researches, evaluates, and supports deployment of security technologies for OT and industrial environments, including industrial network monitoring, firewalls, secure remote access, network detection and response, asset discovery, vulnerability management, identity and access management, email security, endpoint controls, SIEM, SOAR, and cloud-connected OT security use cases.

• Serves as a subject matter expert for OT network security in support of product, engineering, facilities, distribution, enterprise infrastructure, and corporate information security initiatives.

Qualifications:

Education:

• Bachelor's Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience.

Preferred Certifications:

• Global Industrial Cyber Security Professional (GICSP)

• GIAC Response & Industrial Defense (GRID)

• ISA/IEC 62443 Cybersecurity Certificate or related ISA/IEC 62443 certifications

• Certification in Information Security Strategy Management (CISM)

• Certified Information Systems Security Professional (CISSP)

• CompTIA Security + Certification

• Cisco Certified Network Designations (CCNA, CCNP, CCIE)

Work Experience:

• 8+ years of directly-related or relevant experience, preferably in OT security.

Skills & Knowledge:

Behavioral Skills:

• Conflict Resolution

• Creativity & Innovation

• Decision Making

• Assertiveness

• Influencing Skills

• Planning

• Presentation Skills

Technical Skills:

• Operational technology and industrial network security

• Network architecture, routing, switching, firewalling, VPN, IDS/IPS, proxies, and secure remote access

• OT network segmentation, Purdue Model architecture, zones and conduits, zero trust, and defense-in-depth

• Industrial cybersecurity frameworks and standards, including ISA/IEC 62443, NIST SP 800-82, NIST CSF, ISO 27001, PCI, and SOX where applicable

• Industrial protocols and environments such as Modbus, BACnet, OPC, Ethernet/IP, PROFINET, SCADA, PLCs, HMIs, and building automation systems

• Threat modeling, root cause analysis, vulnerability management, patch risk assessment, compensating controls, and exception management

• Identity and access management for privileged and remote access in OT environments

• Incident response, cyber operations, threat hunting, monitoring, and logging for hybrid IT/OT environments

• Cloud-connected OT and IoT/IIoT security considerations

• Security governance, compliance assessments, risk acceptance processes, and third-party risk reviews

• Business continuity, disaster recovery, and resilience considerations for operational environments

Tools Knowledge:

• Microsoft Office Suite

• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.

• OT and industrial security monitoring platforms such as Armis, Nozomi Networks, Claroty, Dragos, Microsoft Defender for IoT, or equivalent technologies

• Firewall and network platforms such as Palo Alto Networks, Fortinet, Cisco, Check Point, or equivalent technologies

• Ticketing, workflow, documentation, and collaboration tools

• Scripting or query languages such as Python, PowerShell, SQL, KQL, JavaScript, HTML/CSS, or equivalent tools used for automation, reporting, and analysis

We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned