OT Security Architect

A senior, forward‑thinking OT Security Architect with deep technical roots in industrial cybersecurity and a strong system‑level mindset. This role goes beyond implementation and focuses on designing, governing, and evolving secure OT architectures across complex industrial environments.

The OT Security Architect understands legacy constraints, production realities, and business drivers, and translates them into scalable, secure, and operable architectures. They act as a technical authority for OT security, bridging engineering, IT, operations, and pre‑sales teams.

OT Security Architecture & Design

• Design end‑to‑end OT security architectures, including:
• Network segmentation and zoning (aligned with Purdue / IEC 62443)
• Secure connectivity between OT, IT, DMZ, and external systems
• Firewall placement, rule strategy, and defense‑in‑depth concepts
• Define network topologies for industrial environments:
• Inter‑zone communication paths and trust boundaries
• OT servers, virtual machines, and platform separation
• Connectivity between applications, historians, MES, SCADA, and cloud/remote access solutions
• Produce architecture diagrams, technical designs, and solution blueprints suitable for internal delivery teams and audits, ensuring long‑term maintainability.

Technical Governance & Standards

• Define OT security reference architectures, patterns, and best practices.
• Ensure architectural alignment with IEC 62443 and company/cust\-er requirements.
• Review and validate OT security designs created by engineers or partners, balancing security, availability, and operational constraints.
• Act as technical authority in pre‑sales phases: support sales & account teams, advise on feasible and future‑proof OT security solutions, translate technical architectures into high‑level budget indicators and avoid under‑ or over‑engineering.
• Participate in customer workshops and technical discussions to shape solution direction.

Risk & Security Strategy

• Lead or support OT risk assessments from an architectural perspective.
• Define mitigation strategies that are technically sound and operationally realistic.
• Advise customers on roadmaps for improving OT security maturity.
• Work cross‑functionally with IT security teams and project managers.
• Act as a technical mentor for OT security engineers.

• Deep expertise in OT security and industrial networking, including:
• Strong knowledge of network segmentation and secure architecture principles.
• Proven experience designing OT networks using the Purdue model.
• Hands‑on background in at least one of:
• OT firewalling
• Automated OT network monitoring
• OT network restructuring / re‑addressing
• Solid understanding of firewalls, rule design, secure remote access patterns, DMZ concepts, and continuous monitoring (SNMP, NetFlow, or similar).
• Strong knowledge of Fortinet firewall architecture and configuration.
• Experience with Active Directory (AD) in hybrid IT/OT environments.
• Experience with Nozomi Networks (Guardian or similar) is a strong plus.
• Certifications: Cisco is a plus; Palo Alto firewall experience is a plus.
• Virtualization and server architecture knowledge (VMs, segregation, availability) is required at design level.

• System‑level thinker: sees the whole architecture, not just devices.
• Able to explain complex technical concepts to non‑security stakeholders.
• Pragmatic: understands production constraints and legacy realities.
• Comfortable influencing decisions without formal authority.
• Clear communicator, structured thinker, documentation‑friendly.
• Collaborative across IT, OT, engineering, and business teams.

• Spanish: native or near‑native level (mandatory).
• English: professional working proficiency (mandatory).
• Preferred location: Barcelona or nearby.

Join AG Solution Where Talent Shapes Industry 4.0. At AG Solution, we build intelligent solutions for the process industry, combining automation, process control, data management, and MES/MOM systems to help manufacturers reach operational excellence. Now part of the Saphir Group, we are one of Europe’s leading Industry 4.0 partners, with more than 400 engineers and consultants working across Europe, the UK, and the US. Driven by people and powered by technology, our success starts with our people. We invest in growth through continuous learning, mentorship, and our AG Academy, ensuring every colleague has the opportunity to develop their skills and career. We believe that innovation happens when people feel trusted, connected, and inspired.

Preferred location: Barcelona, Catalonia, Spain. Referrals increase your chances of interviewing at SOFYNE by 2x.