Job Description

A senior, forward-thinking OT Security Architect with deep technical roots in industrial cybersecurity and a strong system-level mindset. This role goes beyond implementation and focuses on designing, governing, and evolving secure OT architectures across complex industrial environments. The OT Security Architect understands legacy constraints, production realities, and business drivers, and translates them into scalable, secure, and operable architectures. They act as a technical authority for OT security, bridging engineering, IT, operations, and pre-sales teams.

Core Responsibilities
  • OT Security Architecture & Design
    • Design end-to-end OT security architectures, including:
      • Network segmentation and zoning (aligned with Purdue / IEC 62443)
      • Secure connectivity between OT, IT, DMZ, and external systems
      • Firewall placement, rule strategy, and defense-in-depth concepts
    • Define network topologies for industrial environments:
      • VLANs, IP addressing / re-numbering strategies
      • Inter-zone communication paths and trust boundaries
    • Design secure infrastructure layouts, including:
      • OT servers, virtual machines, and platform separation
      • Connectivity between applications, historians, MES, SCADA, and cloud/remote access solutions
    • Produce architecture diagrams, technical designs, and solution blueprints suitable for:
      • Customer validation
      • Internal delivery teams
      • Audits and long-term maintainability
  • Technical Governance & Standards
    • Define OT security reference architectures, patterns, and best practices
    • Ensure architectural alignment with:
      • IEC 62443
      • Purdue model
      • Company and customer security policies
    • Review and validate OT security designs created by engineers or partners
    • Balance security, availability, and operational constraints in industrial environments
  • Pre-Sales & Solution Advisory
    • Act as technical authority in pre-sales phases:
      • Support sales and account teams with architecture input
      • Advise on feasible and future-proof OT security solutions
    • Translate technical architectures into:
      • Clear scope definitions
      • Effort estimations
      • High-level budget indicators (equipment, licenses, engineering effort)
    • Help pre-sales teams avoid under- or over-engineering by grounding offers in realistic architectures
    • Participate in customer workshops and technical discussions to shape solution direction
  • Risk & Security Strategy
    • Lead or support OT risk assessments from an architectural perspective
    • Define mitigation strategies that are:
      • Technically sound
      • Operationally realistic
      • Scalable over time
    • Advise customers on roadmaps for improving OT security maturity
  • Collaboration & Leadership
    • Work cross-functionally with:
      • OT engineers
      • IT security teams
      • Automation engineers
      • Project managers
    • Act as a technical mentor for OT security engineers
    • Provide architectural guidance during key project phases (design, commissioning, audits)
Required Technical Expertise
  • Deep expertise in OT security and industrial networking, including:
    • SCADA, PLCs, DCS, industrial protocols
  • Strong knowledge of network segmentation and secure architecture principles
  • Proven experience designing OT networks using the Purdue model
  • Hands‑on background in at least one of:
    • OT firewalling
    • Automated OT network monitoring
    • OT network restructuring / re-addressing
  • Solid understanding of:
    • Firewalls and rule design
    • Secure remote access patterns
    • DMZ concepts
  • Experience with continuous monitoring (SNMP, NetFlow, or similar)
  • Strong knowledge of Fortinet firewall architecture and configuration
  • Experience with Active Directory (AD) in hybrid IT/OT environments
  • Experience with Nozomi Networks (Guardian or similar) is a strong plus
  • Cisco certification is a plus
  • Palo Alto firewall experience is a plus
  • Virtualization and server architecture knowledge (VMs, segregation, availability) is required at design level
Soft Skills & Mindset
  • System‑level thinker: sees the whole architecture, not just devices
  • Able to explain complex technical concepts to non‑security stakeholders
  • Pragmatic: understands production constraints and legacy realities
  • Comfortable influencing decisions without formal authority
  • Clear communicator, structured thinker, documentation‑friendly
  • Naturally collaborative across IT, OT, engineering, and business teams
Language & Location (Spain)
  • Spanish: native or near-native level (mandatory)
  • English: professional working proficiency (mandatory)
  • Preferred location: Barcelona or nearby
Seniority

Mid‑Senior level

Employment Type

Full‑time

Job Function

Information Technology

Join AG Solution Where Talent Shapes Industry 4.0

At AG Solution, we build intelligent solutions for the process industry, combining automation, process control, data management, and MES/MOM systems to help manufacturers reach operational excellence.

Now part of the Saphir Group, we are one of Europe’s leading Industry 4.0 partners, with more than 400 engineers and consultants working across Europe, the UK, and the US.

Driven by People. Powered by Technology.

Our success starts with our people. We invest in growth through continuous learning, mentorship, and our AG Academy, ensuring every colleague has the opportunity to develop their skills and career.

We believe that innovation happens when people feel trusted, connected, and inspired.

A Global Team with a Human Touch

With offices in over 15 cities worldwide, we bring together diverse expertise and perspectives — from Antwerp to Barcelona, Rotterdam to Lyon, and New York to Krakow.

At AG Solution, you’ll work on meaningful projects that drive efficiency, sustainability, and digital transformation for leading manufacturers worldwide.

Ready to shape the future of industry?

Explore our opportunities and grow with a team that’s redefining what’s possible.
