ICS Network Architect
ICS Network Architect
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Design and Architecture:
- Design and Implementation: Develop and implement network architectures for ICS environments including local area networks (LANs) wide area networks (WANs) and industrial Ethernet networks.
- Security Management: Implement robust security measures including firewalls VPNs and intrusion detection systems to protect ICS networks from cyber threats.
- Network Monitoring: Monitor network performance and conduct regular assessments to identify and resolve potential issues.
- Documentation: Maintain detailed documentation of network configurations designs and security protocols.
- Collaboration: Work closely with IT and OT (Operational Technology) teams to ensure seamless integration and operation network systems.
- Vendor Coordination: Coordinate with vendors to procure necessary networking equipment and software.
- Upgrades and Maintenance: Plan and execute network upgrades and maintenance activities to ensure optimal performance and security.
- Compliance: Ensure network designs and operations comply with industry standards and regulatory requirements.
Experience
- Minimum of 5 years of experience in network architecture with a focus on industrial control systems.
- Knowledge of network protocols including TCP/IP DNS DHCP and routing protocols (e.g. OSPF BGP).
- Experience in designing and implementing network security solutions in critical infrastructure especially in the electrical or energy sectors.
- Strong understanding of industrial control system protocols (e.g. Modbus DNP3 IEC 61850) and network segmentation strategies.
5. ICS/Substation experience. Be able to understand the terminology and experience in working at a control house at a substation for example.
Certification
- Relevant certifications such as CISSP CCNA or CCNP are preferred.
Technical Skills:
1. Understanding of compliance standards (e.g. PCI DSS NERC CIP ISO 27001). Familiarity with industry standards such as IEC 62443 NIST SP 800-82 and ISO/IEC 27001.
2. Knowledge of network segmentation DMZ architecture and zero-trust security models.
- Ability to analyze and troubleshoot complex security issues in ICS and OT environments.
Personal Attributes
Strong problem-solving skills and ability to work in a fast-paced collaborative environment.
Excellent communication skills both written and verbal to effectively interact with technical teams and stakeholders.
Ability to manage multiple projects simultaneously and prioritize effectively.
Top Priorities
1. Document and refine network topologies identifying communication paths between Data Center and Substations Intelligent Electronic Devices (IEDs) protective relays Remote Terminal Units (RTUs) and SCADA masters. Suggest improvements or upgrades for reliable and redundant communication.
2. Setting up IP addressing VLANs firewall rules and secure remote-access solutions that align with corporate and regulatory cybersecurity requirements. Verify communications on protocols such as DNP3 Modbus Goose or IEC 61850.
3. Responsibility includes managing the transition from serial to IP by installing configuring and testing serial-to-IP converters for legacy substation equipment-minimizing downtime and ensuring reliable communications.
4. Troubleshoot communication errors in real-time and work closely with SCADA engineers to validate data flow from field devices up to the central monitoring/control systems.
5. Possesses knowledge of Compliance (prefer NERC CIP Standards) including the creation and maintenance of supporting documentation and the implementation of best practices for network segmentation access control and patch management while collaborating with security teams to ensure full compliance with regulatory requirements.
6. Develop and maintain up-to-date network diagrams device configuration records and standard operating procedures. Provide input on engineering workflows to streamline substation upgrade or expansion projects.
WORKING CONDITIONS
This position is onsite with 4 days in the office and 1 days remote. May need to travel to different sites within the Tampa Electric Territory.
PHYSICAL DEMANDS/ REQUIREMENTS
Ability to lift 50-75 pounds
Ability to stand for long periods of time
Ability to work in a fast-paced environment
Occasional travel to remote sites may be required.
Employment Type
Full-time
