Network Segmentation Engineer - OT Cybersecurity

Looking for Network Segmentation Engineer - OT Cybersecurity

Location: Troy, Missouri, United States / Buffalo, West Virginia, United States (onsite)

Job Summary / Overview

The Network Segmentation Engineer OT Cybersecurity is responsible for designing, implementing, and managing micro-segmentation and identity-based access control strategies across enterprise and Operational Technology (OT) network environments. OT includes plant, factory, industrial, and manufacturing systems where segmentation directly affects safety, uptime, and business continuity. This role requires expert-level knowledge of software-defined access fabrics, network access control platforms, identity-based policy enforcement, and the ability to differentiate between campus-focused and data center-focused segmentation architectures to apply the right model to the right environment.

Key Responsibilities

• Design, deploy, and manage micro-segmentation using software-defined access, identity-based policy enforcement, and scalable group-based tagging across wired and wireless infrastructure.
• Implement and manage network access control platforms for authentication, authorization, device profiling, posture assessment, and dynamic policy assignment.
• Configure and manage network automation and orchestration platforms for fabric provisioning, policy management, assurance, and visibility.
• Define and enforce access policies that control lateral movement based on user identity, device type, location, and application context.
• Design segmentation architectures including fabric overlays, virtual networks, control plane protocols, and data plane encapsulation.
• Clearly differentiate and appropriately apply campus-focused software-defined access models versus data center-focused application-centric models based on environment and use case.
• Troubleshoot complex authentication, connectivity, and policy enforcement issues within segmented network environments.
• Partner with cybersecurity, OT, and infrastructure teams to extend segmentation into operational technology and manufacturing environments.
• Develop and maintain architecture diagrams, policy matrices, and operational documentation for segmentation environments.
• Support compliance and audit activities by demonstrating segmentation enforcement and access control effectiveness.

• Bachelor s degree in computer science, Information Technology, Network Engineering, Cybersecurity, or a related field, or equivalent experience.
• Expert-level experience with enterprise network access control platforms, including authentication policy design, device profiling, and group-based policy assignment.
• Expert-level experience with network automation and fabric orchestration platforms for provisioning, policy management, and assurance.
• Deep understanding of identity-based segmentation, including scalable group tagging, group-based access control lists, tag propagation methods, and policy matrices.
• Strong understanding of software-defined access fabric architecture, including overlay/underlay design, control plane protocols, data plane encapsulation, and fabric node roles.
• Ability to articulate the architectural and operational differences between campus-focused software-defined access and data center-focused application-centric segmentation.
• Experience with enterprise switching and wireless platforms in fabric-based deployments.
• Experience with 802.1X, MAC-based authentication, RADIUS, and TACACS+ in enterprise environments.
• Strong troubleshooting skills across complex, multi-domain network environments.
• Experience applying network segmentation aligned to Zero Trust principles.
• Willingness to travel to factories and operational sites.

Preferred Qualifications

• Experience segmenting OT, IoT, or industrial network environments using identity-based access control and device profiling.
• Advanced networking or security certifications at the professional or expert level.
• Familiarity with next-generation firewalls and their role in segmentation strategies.
• Familiarity with industrial cybersecurity standards such as IEC 62443 or NIST SP 800-82 as they relate to segmentation.
• Automotive or manufacturing industry experience preferred.
• Experience in large-scale, multi-site enterprise environments.