Senior Information Security Engineer - OT/IoT & Operational Technology; OT Security
Listed on 2026-07-07
-
IT/Tech
Cybersecurity, Systems Engineer, Network Security
POSITION OVERVIEW
The Senior Information Security Engineer – OT/IoT Security is responsible for leading the design, implementation, and ongoing management of cybersecurity controls across QTS operational technology (OT), industrial control systems (ICS), and IoT environments.
This role focuses on protecting critical infrastructure systems supporting data center operations, including building management systems (BMS), electrical/mechanical control systems, environmental monitoring platforms, and connected operational devices.
The engineer ensures that OT/IoT security solutions align with QTS architectural standards, compliance requirements, and evolving threat models targeting industrial and cyber-physical systems. As risks evolve, this role is responsible for recommending enhancements that strengthen resilience across converged IT/OT environments.
While not a people management role, this position serves as a technical leader and subject matter expert, partnering closely with Security Architecture, Facility Operations, Engineering, and Technology teams to advance QTS’s security posture across operational environments.
RESPONSIBILITIESOther duties may be assigned.
OT / IC Security Engineering- Lead the design, deployment, and lifecycle management of security controls for OT, IC, and IoT environments.
- Secure critical data center infrastructure systems, including BMS, EPMS, DCIM, PLCs, SCADA components, and industrial network segments.
- Define and enforce network segmentation strategies between IT and OT environments (zones/conduits).
- Implement and maintain secure remote access solutions for vendors and operational support teams.
- Develop and maintain visibility across OT networks, including asset inventory, network flows, and anomalous behavior detection.
- Integrate OT telemetry into enterprise monitoring platforms (e.g., SIEM, SOAR) where appropriate.
- Partner with SOC teams to develop OT-specific detection use cases and incident playbooks.
- Establish and maintain OT vulnerability management practices, including asset profiling, passive scanning, and vendor coordination.
- Assess exploitability and operational risk for OT assets (e.g., controllers, embedded devices, facility systems).
- Define risk-based remediation strategies considering uptime, safety, and operational constraints.
- Support and lead OT-related incident investigations, containment, and recovery efforts.
- Develop OT-specific response plans aligned with safety and operational continuity requirements.
- Participate in tabletop and post-incident exercises with cross-functional teams.
- Lead OT/IoT security design reviews for new builds, retrofits, and expansion projects.
- Collaborate with facility engineering, construction, and vendors to embed security in design (“secure by design”).
- Drive security standards for third-party integrations, vendor systems, and supply chain risk.
- Implement controls aligned with frameworks such as NIST CSF, NIST 800-82, IEC 62443, CIS, SOC 2, PCI, and other applicable standards.
- Support audits and evidence collection related to OT/security controls.
- Serve as a trusted partner to Facility Operations, Engineering, and Technology teams.
- Lead technical discussions and influence security decisions across IT/OT convergence initiatives.
- Promote a culture of security aligned with QTS core values and servant leadership principles.
- 10+ years of experience in cybersecurity, with strong engineering background in network, systems, or OT security.
- Demonstrated experience securing industrial environments, IoT systems, or critical infrastructure.
- Experience with OT/IC technologies such as PLCs, SCADA, BMS/EPMS/DCIM, or industrial protocols (Modbus, BACnet, DNP3, etc.).
- Strong knowledge of OT network segmentation, secure architectures, and zero trust principles.
- Experience with vulnerability management and risk evaluation in constrained or uptime-sensitive environments.
- Ability to translate cybersecurity risk into business and operational impact.
- Proven track record…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).