SOFT's client located in Manassas, VA is looking for an OT Network Architect for a long term contract assignment.
II.
JOB DESCRIPTIONArchitecture & Design
· Design and implement a segmented OT network architecture transitioning from flat Layer 2 networks to SD-WAN-enabled, zone-based architectures.
· Define network segmentation strategy (ISA/IEC 62443 zones and conduits model) to isolate critical OT assets and control east-west traffic.
· Engineer ring and/or resilient topologies across substations and core OT sites to ensure deterministic communication and fault tolerance.
· Develop SD-WAN design standards including:
o Underlay/overlay architecture
o Path selection policies (latency, jitter, packet loss)
o QoS for ICS protocols (e.g., DNP3, Modbus, IEC 61850)
Security & Compliance
· Develop and enforce OT-specific cybersecurity controls, including micro-segmentation, firewall zoning, and least-privilege access.
· Define and implement firewall policies to restrict inter-zone communication and prevent unauthorized access to OT systems.
· Conduct risk and vulnerability assessments aligned with OT threat models (ransomware, lateral movement, supply chain risks).
· Ensure compliance with NERC CIP standards and other applicable frameworks.
Implementation & Operations
· Lead deployment of SD-WAN solutions across OT sites, including integration with existing switching infrastructure (e.g., industrial-grade switches).
· Configure and maintain high availability mechanisms:
· Redundant paths and failover (active/active or active/standby)
· Rapid spanning tree / ERPS / MPLS-TP where applicable
· Support incident response and root cause analysis for OT network disruptions.
· Manage projects and deliver on time with periodic status reports to management.
III.BASIC QUALIFICATIONS
· 10+ years of experience in network design and architecture, preferably in OT environments.
· Experience with industrial protocols (e.g., Modbus, DNP3, OPC, Ethernet/IP).
· Familiarity with IT/OT convergence principles.
IV.DESIRED SKILLS
· Strong understanding of networking concepts, including routing, switching, and firewall configurations.
· Proficiency in network monitoring and management tools.
· Knowledge of cybersecurity best practices for OT networks.
· Experience with industrial control systems (ICS) and SCADA systems.
V.MINIMUM TECHNICAL EXPERIENCE
· Knowledge of design, configuration, installation, testing, and maintenance of local and wide area computer wired and wireless networks (Cisco Systems preferred).
· Knowledge of computer network characteristics, network operating system software, and network components
· Troubleshooting skills and the ability to diagnose/resolve network system problems.
· Ability to interpret and apply complex technical manuals and reference materials.
· Ability to assist with developing network security and related procedures; and performing network management activities.
VI.EDUCATION REQUIREMENTS
· Bachelor’s degree in computer science, computer networks, or a related field.
· Certification in related fields (CCNA, CCNP) required. Security and Cisco Certified Internetwork Expert (CCIE), and experience in Extreme network switches is a plus.