OT Infrastructure Architect

Our client is seeking an Infrastructure Architect in OT to design and implement resilient, secure, and scalable infrastructure that connects plant operations to enterprise services. The role will focus on developing a clear, company-wide access strategy for OT environments aligned with the Purdue model-an industry framework that separates industrial networks into layers, from equipment up through business systems.
You will define how Privileged Access Management (PAM) and Identity & Access Management (IAM) operate across those layers, including recommendations for deployment models (cloud, on-premises, or hybrid) and key guiding principles such as least privilege, role clarity, multi-factor verification, and controlled, time-bound access.
You will establish the target state for OT data centers (local at refineries, aggregated for midstream, or hybrid) and build a phased roadmap that strengthens security, simplifies user experience, and maintains appropriate separation between plant operations and enterprise IT.
You will bring a strong IT infrastructure background (Azure, networking, connectivity, security) and apply it to operational technology (OT) use cases across refining and midstream environments. While OT experience with technologies such as AVEVA/PI System, Honeywell, or DeltaV is a plus, it is not required. We value IT fundamentals, strong communication skills, and the ability to collaborate with operations, security, and engineering teams.

Architecture & Design

• Design and implement IT/OT infrastructure systems that support business and plant operations, including compute, storage, networking, identity, and integration patterns.
• Integrate on-premises data centers, edge/plant systems, and cloud platforms into a cohesive, secure, and observable architecture.

Security & Identity (Priority Initiatives)

• Lead workstreams for PAM and IAM in OT environments-aligning with enterprise standards while accommodating site-specific constraints.
• Contribute to the strategic roadmap for OT data centers, including modernization and hybrid/cloud migration approaches.

Delivery & Operations

• Lead technical teams through installation, configuration, and lifecycle maintenance; develop runbooks, standards, and repeatable delivery patterns.
• Monitor system performance, availability, and capacity; identify improvement opportunities and drive remediation efforts.

Risk & Compliance

• Assess infrastructure risks (availability, security, maintainability) and propose mitigation strategies; support audits and compliance documentation.

Documentation & Communication

• Produce clear architecture diagrams, standards, and operational procedures.
• Communicate complex technical considerations to non-technical stakeholders and facilitate alignment across differing viewpoints.

Collaboration

• Partner closely with OT architects, plant IT/OT teams, cybersecurity, network engineering, and application teams; build strong working relationships with site stakeholders.

Skills

PAM, IAM, Identity Access Management, Active Directory, Azure, Infrastructure, Architecture, OT, Privileged Access Management, Purdue Model, Identity Management, Cloud, Systems Architecture, Microsoft Azure, AWS, IT Infrastructure

Top Skills

PAM, IAM, Identity Access Management, Active Directory, Azure, Infrastructure, Architecture, OT, Privileged Access Management, Purdue Model, Identity Management

Additional Skills & Qualifications

Required

• Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent experience).
• Several years of experience in IT infrastructure roles with a focus on system/infrastructure architecture.
• Cloud proficiency, ideally Microsoft Azure experience (landing zones, networking, identity, governance); AWS experience is also valued.
• (routing, VLANs, firewalls, VPNs, segmentation), along with hands-on experience in Windows/Linux, virtualization (e.g., VMware/Hyper-V), backup/DR, and monitoring.
• Demonstrated experience integrating platforms and leading technical teams through build/run phases.
• Excellent communication and stakeholder management skills-able to listen, interpret concerns, and offer pragmatic recommendations.

Nice to Have

• OT exposure: AVEVA PI System (historian/AF), Honeywell Experion, Emerson DeltaV, SCADA/DCS/PLC environments.
• Familiarity with OT networking and common industrial protocols (e.g., OPC UA, Modbus) and IT/OT segmentation patterns.
• Relevant certifications: Microsoft Certified-Azure Solutions Architect Expert, AWS Solutions Architect, or networking/security certifications.
• Experience with PAM/IAM solutions (CyberArk, BeyondTrust, Entra ID/Azure AD), role-based access controls, and identity governance.
• Experience in data-center modernization and hybrid/cloud models for OT workloads.

We reserve the right to pay above or below the posted wage based on factors unrelated to sex, race, or any other protected classification.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. This temporary role may be eligible for the following:

• Medical, dental & vision
• 401(k)/Roth
• Insurance (Basic/Supplemental Life & AD&D)
• Short and long-term disability
• Health & Dependent Care Spending Accounts (HSA & DCFSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)

Job Type & Location
This is a Contract position based out of Denver, CO.
Pay and Benefits
The pay range for this position is $60.00 - $75.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: Medical, dental & vision Critical Illness, Accident, and Hospital 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available Life Insurance (Voluntary Life & AD&D for the employee and dependents) Short and long-term disability Health Spending Account (HSA) Transportation benefits Employee Assistance Program Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a hybrid position in Denver,CO.
Application Deadline
This position is anticipated to close on Jan 29, 2026.
>About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

About TEKsystems and TEKsystems Global Services

We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.