Operational Technology Network Security Engineer III

Summary:

The Operational Technology Network Security Engineer III is responsible for designing, implementing, maintaining, and improving security controls across operational technology, industrial control systems, and network environments. This role supports the protection of distribution, automation, facilities, warehouse, and other critical operational environments by applying cybersecurity best practices to OT networks, connected systems, and supporting infrastructure. The engineer partners with Information Security, Infrastructure, Operations, Engineering, Facilities, and business stakeholders to assess risk, strengthen network segmentation, monitor threats, support incident response, and ensure OT environments remain secure, resilient, and aligned with enterprise standards.

Primary Responsibilities:

• Designs, implements, and supports security controls for operational technology networks, industrial control systems, manufacturing systems, warehouse automation platforms, building management systems, and related connected environments.

• Assesses OT and ICS network architectures to identify risks, security weaknesses, segmentation gaps, insecure protocols, and opportunities to improve resilience and defense in depth.

• Partners with network engineering, infrastructure, operations, facilities, manufacturing, warehouse automation, and cybersecurity teams to implement secure network designs, firewall policies, access controls, and remote access solutions for OT environments.

• Supports development and maintenance of OT network security standards, procedures, reference architectures, and operational playbooks aligned to enterprise security requirements and relevant frameworks.

• Conducts & supports vulnerability, configuration, and risk assessments for OT assets, network devices, firewalls, remote access tools, and connected industrial systems while considering operational availability and safety requirements.

• Coordinates remediation planning with technical and business teams, balancing security risk reduction with operational continuity, safety, regulatory, and business constraints.

• Monitors OT security alerts, network activity, and threat intelligence to detect suspicious behavior, unauthorized access, policy violations, and indicators of compromise in OT environments.

• Supports incident response activities impacting OT networks and connected systems, including containment planning, evidence gathering, root cause analysis, recovery support, and post-incident recommendations.

• Implements and maintains security technologies that may include OT network monitoring, firewalls, IDS/IPS, NAC, SIEM integrations, remote access platforms, vulnerability management tools, and endpoint or asset visibility solutions.

• Reviews technical designs and change requests for OT network infrastructure to ensure security requirements are incorporated before implementation.

• Works closely with Information Security and line-of-business management to identify, formulate, and implement practical security solutions and controls for OT and industrial environments.

• Coordinates with systems, network, cloud, and security engineers to ensure OT-connected infrastructure conforms to security standards and that security devices and controls are operating as intended.

• Gathers and analyzes reporting, metrics, and key performance indicators related to OT network security posture, control effectiveness, vulnerabilities, remediation status, and operational risk.

• Provides security briefings and technical recommendations to leadership, peers, stakeholders, and vendors regarding OT security risks, proposed solutions, and critical issues that may affect operations.

• Contributes to enterprise cybersecurity initiatives by representing OT network security requirements in projects, acquisitions, facility changes, technology deployments, and operational improvement efforts.

• Guides, coaches, and mentors Engineer I/II team members and provides technical leadership on OT network security tasks, investigations, and project work.

• Maintains awareness of emerging OT, ICS, IoT, and network security threats, vulnerabilities, and industry best practices, and recommends improvements to strengthen the organization's security posture.

Qualifications:

Education:

• Bachelor's Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience.

Preferred Certifications:

• Global Industrial Cyber Security Professional (GICSP)

• GIAC Response & Industrial Defense (GRID)

• ISA/IEC 62443 Cybersecurity Certificate or related ISA/IEC 62443 certifications

• Certification in Information Security Strategy Management (CISM)

• Certified Information Systems Security Professional (CISSP)

• CompTIA Security + Certification

• Cisco Certified Network Designations (CCNA, CCNP, CCIE)

Work Experience:

• 4+ years of directly-related or relevant experience, preferably in information security.

Behavioral Skills:

• Conflict Resolution

• Creativity & Innovation

• Decision Making

• Planning

• Presentation Skills

Technical Skills:

• Operational technology and industrial network security

• Network architecture, routing, switching, firewalling, VPN, IDS/IPS, proxies, and secure remote access

• OT network segmentation, Purdue Model architecture, zones and conduits, zero trust, and defense-in-depth

• Industrial cybersecurity frameworks and standards, including ISA/IEC 62443, NIST SP 800-82, NIST CSF, ISO 27001, PCI, and SOX where applicable

• Industrial protocols and environments such as Modbus, BACnet, OPC, Ethernet/IP, PROFINET, SCADA, PLCs, HMIs, and building automation systems

• Threat modeling, root cause analysis, vulnerability management, patch risk assessment, compensating controls, and exception management

• Identity and access management for privileged and remote access in OT environments

• Incident response, cyber operations, threat hunting, monitoring, and logging for hybrid IT/OT environments

• Cloud-connected OT and IoT/IIoT security considerations

• Security governance, compliance assessments, risk acceptance processes, and third-party risk reviews

• Business continuity, disaster recovery, and resilience considerations for operational environments

Tools Knowledge:

• Microsoft Office Suite

• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.

• OT and industrial security monitoring platforms such as Armis, Nozomi Networks, Claroty, Dragos, Microsoft Defender for IoT, or equivalent technologies

• Firewall and network platforms such as Palo Alto Networks, Fortinet, Cisco, Check Point, or equivalent technologies

• Ticketing, workflow, documentation, and collaboration tools

• Scripting or query languages such as Python, PowerShell, SQL, KQL, JavaScript, HTML/CSS, or equivalent tools used for automation, reporting, and analysis

We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora

Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.

The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned