OT Networking Engineer

We are looking for an experienced IT/OT Networking Engineer to design, implement, secure, and operate networks across enterprise IT and industrial OT environments. You will work on plant-floor connectivity , SCADA/DCS/PLC networks , and Purdue Model–aligned architectures , ensuring operational reliability and compliance with IEC 62443, NIST CSF, and defense-in-depth principles.

Key Responsibilities

Network Design & Implementation

• Architect and deploy L2/L3 networks across IT–OT zones (Access/Distribution/Core) following the Purdue Model (Levels 0–5) .
• Configure VLANs, VRFs, ACLs, OSPF, BGP, Static Routing, NAT , micro/macro segmentation, and IT–OT DMZ solutions.
• Implement and manage firewalls: Palo Alto, Fortinet, Cisco ASA/FTD , App-ID, security profiles, and threat prevention.
• Build resilient connectivity for SCADA, PLCs, RTUs, HMIs, Historians, Industrial IoT gateways with redundancy, QoS, and TSN.
• Deploy secure remote access via VPN, jump servers, bastion hosts for OEMs/service partners.

Operations, Monitoring & Troubleshooting

• Use NMS and OT monitoring tools (SolarWinds, PRTG, Zabbix, Nozomi, Claroty ) for performance monitoring and threat detection.
• Troubleshoot L2/L3 issues, packet flows, ICS communication using Wireshark/tcpdump .
• Maintain HLD/LLD, network diagrams, IPAM, runbooks, and RACI documentation.
• Drive ITIL-based incident, problem, change management and RCA for network/plant outages.

OT & Industrial Protocols

• Support and secure Modbus/TCP, Profinet, EtherNet/IP, OPC UA, DNP3, BACnet, IEC 104/61850 .
• Implement protocol-aware filtering, segmentation, and allowlisting for ICS assets.
• Collaborate with plant operations, OEMs, SI partners for SCADA/DCS/PLC/RTU migrations and upgrades.

Compliance

• Apply IEC 62443 (zones/conduits, SLs, patching, access control, logging).
• Implement IDS/IPS, NAC (802.1X), secure configs, and firmware governance.
• Support audits, vulnerability assessments, NIST CSF, ISA-99, ISO 27001 OT controls.

Cloud & Edge (Nice-to-Have)

• Connect OT data securely to Azure/AWS/GCP , edge gateways, data lakes.
• Configure Azure ExpressRoute, AWS Direct Connect , SD-WAN policies, zero-trust architectures.

Required Qualifications

• Experience: 5–10 years in Network Engineering; 3+ years in OT/ICS environments (manufacturing, utilities, energy, pharma, O&G).
• Education: Bachelor’s in Engineering/Technology (ECE/EE/CS/IT) or equivalent.

Core Networking Skills

• L2/L3 switching & routing: STP/RSTP/MSTP, EtherChannel/LACP, VLAN, ACLs, HSRP/VRRP, OSPF, BGP, QoS .
• Hands-on with Cisco/Juniper/Aruba/HPE networking; Palo Alto/Fortinet/Cisco firewalls .
• DNS/DHCP/NTP/IPAM/syslog; packet tracing with Wireshark .

OT/ICS Skills

• Knowledge of Purdue Model , ICS/SCADA architecture, IT–OT DMZ, historian connectivity.
• Experience with Modbus, Profinet, EtherNet/IP, OPC UA, DNP3 & serial-to-IP transitions.

Operational Excellence

• ITIL-based incident/change/problem management.
• Experience with vendor/OEM coordination and plant shutdown activities.

Preferred Certifications

• Networking: CCNP, JNCIP, PCNSA/PCNSE, Fortinet NSE 4–7, Network+.
• OT/Security: GICSP, ISA/IEC 62443 certifications, CISSP/SSCP (ICS knowledge).
• Cloud/SD-WAN: Azure Network Engineer, AWS Advanced Networking, Viptela/Prisma/Fortinet SD-WAN.

Soft Skills

• Excellent stakeholder management with plant operations, OEMs, and IT/OT teams.
• Strong documentation, communication, and structured troubleshooting ability.
• Ownership mindset and willingness to support production-critical events.

Please note: These positions are not fully remote. Selected candidates will be required to work from an Infosys office near their current location.