OT Security Engineer (ICS/SCADA)

Job Title: OT Security Engineer (ICS/SCADA)

Location: Lahore / Hybrid / Remote

Type: Full‑time

Role summary

We are looking for an OT Security Engineer to design, implement, and maintain security controls for industrial control systems (ICS/SCADA) and other OT assets across our critical‑infrastructure and energy clients. You will work closely with plant/OT teams and our SOC to harden OT environments, enable effective monitoring, and meet sector regulations (e.g., NEPRA IT/OT).

Key responsibilities

• Design and improve secure architectures for OT environments, including IT/OT network segmentation, firewalls, DMZs, and secure remote access (VPNs/jump hosts).
• Harden ICS/SCADA components (PLCs, RTUs, HMIs, historians, engineering workstations) following vendor guidance and industry best practices.
• Build and maintain OT asset inventories and data‑flow diagrams; identify critical assets and trust boundaries.
• Deploy and integrate OT monitoring technologies (network sensors, OT IDS, log collection) with the SOC’s SIEM and OT monitoring platforms.
• Define and support OT patching and vulnerability management processes, including compensating controls where patching is constrained.
• Establish and test OT backup and recovery procedures for critical systems and configurations.
• Translate regulatory and client requirements (e.g., NEPRA IT/OT security regulations, IEC 62443, NIST 800‑82) into concrete OT controls and implementation plans.
• Provide engineering‑level input during incident response and post‑incident remediation activities.

Required skills and experience

• 5+ years of experience in OT/ICS/SCADA or industrial automation, with at least 3 years focused on security engineering.
• Strong understanding of ICS/SCADA architectures and protocols, and common vendor platforms (DCS/PLC/HMI systems).
• Hands‑on experience designing or operating segmented OT networks, firewalls, and secure remote access solutions.
• Practical experience hardening Windows‑based OT assets and ICS appliances, and managing changes in tightly controlled environments.
• Ability to produce clear network/architecture diagrams and implementation plans, and to collaborate with both plant engineers and security teams.

Nice‑to‑have

• Experience in power/utility, oil & gas, or other critical‑infrastructure sectors.
• Familiarity with NEPRA IT/OT security regulations, IEC 62443, NIST SP 800‑82, or NERC CIP.
• Exposure to OT monitoring tools (Nozomi, Claroty, Dragos, etc.) and SIEM platforms.
• Relevant certifications (e.g., GICSP, CISSP, IEC 62443‑certs, network/security certs).