Manager Cybersecurity

Caterpillar


Job Location:

Brisbane - Australia

Monthly Salary: Not Disclosed
Posted on: 13 hours ago
Vacancies: 1 Vacancy

Job Summary

Career Area:

Technology, Digital and Data

Job Description:

Your Work Shapes the World at Caterpillar Inc.

When you join Caterpillar, you're joining a global team who cares not just about the work we do but also about each other. We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here; we make it happen with our customers, where we work and live. Together, we are building a better world so we can all enjoy living in it.

Why This Role Exists
We build and operate large mission-critical software platforms that run in customer operational technology (OT) environments, often integrated with cloud services and enterprise systems.

These platforms must remain secure across trust boundaries (cloud, enterprise IT, and customer OT networks) while operating in environments actively targeted by real-world adversaries.

This role exists to ensure those systems are secure by design, not by after-the-fact controls.

As the Security Architect, you will define, defend, and evolve the security architecture that allows modern cloud-connected applications to operate safely on customer OT networks. This is an architecture leadership role focused on system design, threat-driven decisions, and long-term risk reduction, not operational execution.

What You'll Do

You are the security architecture authority for application platforms deployed into OT environments under Autonomy and Automation.

You will:

  • Own and evolve security architecture patterns across:

    • Authentication and authorization (human and machine)

    • API security and service-to-service trust

    • Data protection and trust boundary enforcement

  • Design architectures that safely bridge cloud services and customer OT networks

  • Apply modern network and IAM patterns in environments that are not cloud-native

  • Explicitly incorporate Purdue Model principles, including zones, conduits, and segmentation, into architecture decisions

  • Define how applications securely communicate across:

    • Cloud Enterprise OT boundaries

    • High-trust and low-trust network zones

  • Lead architecture-level threat modeling, with particular focus on:

    • Red network threats to OT environments

    • Lateral movement, protocol abuse, and weak segmentation

  • Establish reference security architectures for large Java-based platforms operating on OT networks

  • Provide security architecture sign-off at design and release decision points

  • Translate security requirements into clear, developer-consumable guardrails

  • Influence platform and product roadmaps to remove systemic, repeatable security risks

Overall accountability for security outcomes remains with the Security Engineering Manager; you own the technical security architecture decisions that shape those outcomes.

How You'll Work

This is an architecture-first role focused on making correct security decisions before systems are built and deployed.

You will work in environments that include:

  • Cloud services integrated with on-premise and customer-managed OT networks

  • Java application platforms (Spring / Spring Boot)

  • Modern IAM architectures (OAuth2, OIDC, service identities) adapted for constrained, non-cloud-native environments

  • Public Key Infrastructure (PKI) used to establish identity and trust for:

    • Services and applications

    • Devices and workloads operating in OT environments

  • Encrypted communications across all trust boundaries, including:

    • Cloud Enterprise OT

    • Zone-to-zone and conduit communications aligned to the Purdue Model

  • Segmented networks designed to limit blast radius and resist lateral movement

You will design and review architectures that:

  • Use PKI and certificates to authenticate systems, services, and endpoints

  • Enforce encryption in transit as a baseline, even in legacy or constrained OT networks

  • Explicitly mitigate red-network threats, including credential theft, protocol abuse, and unauthorized east-west movement

  • Balance strong security controls with real-world customer and operational constraints

You will spend your time designing, reviewing, and influencing architecture, not administering tooling, rotating certificates, or operating infrastructure.

Explicitly Out of Scope

This role does not include:

  • Day-to-day vulnerability management or ticket queues

  • SOC incident response or on-call rotations

  • Compliance audit execution or evidence collection

  • Cloud infrastructure ownership or operations

  • Hands-on CI/CD tooling administration

This role exists to make hard architecture decisions early, not to clean up avoidable mistakes later.

What We're Looking For

You are likely a strong fit if you have:

  • Strong understanding of cloud security fundamentals (identity, networking, trust boundaries, shared responsibility)

  • Experience designing systems that run on customer OT networks, not just enterprise IT or cloud

  • Deep understanding of modern network and IAM patterns applied outside pure cloud environments

  • Working knowledge of the Purdue Model, including zones, conduits, and segmentation strategies

  • Experience securing network communications in OT environments, including:

    • Encrypted communications

    • Authentication of services and endpoints

    • Mitigation of lateral movement and protocol abuse

  • Ability to reason clearly about red-network threats to OT systems and design architectural mitigations

  • Strong background in Java application development and application security

  • Expertise in authentication and authorization architectures (OAuth2, OIDC, identity federation)

  • Experience defining API security patterns and service-to-service trust models

  • Advanced threat modeling skills at system and platform scale

  • Confidence making and defending architecture decisions that impact multiple teams

Nice to Have

  • Experience with regulated, safety-critical, or industrial systems

  • Familiarity with zero-trust concepts applied in constrained networks

  • Prior experience partnering closely with AppSec, platform, and product teams

Experience Profile

  • 7-10 years in software engineering and security

  • 3-5 years in a security architecture or senior security engineering role

  • Demonstrated ownership of architecture decisions across multiple platforms or products

This position requires working onsite five days a week.

Visa Sponsorship is not available for this position.

Posting Dates:

May 14, 2026 - May 28, 2026

Caterpillar is an Equal Opportunity Employer. Qualified applicants of any age are encouraged to apply.

Not ready to apply? Join our Talent Community.


Required Experience:

Manager


About Company


Caterpillar is the world’s leading manufacturer of construction and mining equipment, diesel and natural gas engines, industrial turbines and diesel-electric locomotives.
