Senior Network Security Engineer - OT

We are seeking a Senior Network Security Engineer (OT) to assist us in designing and implementing firewall and network access control (NAC) technology solutions across IT and OT networks. The Senior Network Security Engineer will contribute to delivering various technical products in collaboration with other engineers, architects, and operational support teams.

The Senior Network Security Engineer will be part of the team responsible for developing and supporting Elanco’s Network Security Platform, collaborating closely with technical service owners, architects, and the operations team to continuously raise the reliability bar for our services while guiding the adoption of Elanco’s network and security platform. The team provides direction for implementing modern technologies and a zero‑trust strategy throughout all stages of the service development life cycle.

• Partner with Info Sec and Network Architecture to define and evolve enterprise firewall, NAC, and segmentation architecture across corporate and manufacturing environments.
• Lead design, implementation, and lifecycle management of Palo Alto firewall policies, zone‑based segmentation, and security services, including secure north‑south and east‑west controls.
• Design and enforce segmentation strategies aligned to Purdue Model principles in manufacturing networks, balancing cybersecurity, availability, safety, and regulatory requirements.
• Apply security controls with awareness of industrial protocols such as Modbus/TCP, Ether Net/IP (CIP), PROFINET, OPC/OPC‑UA, DNP3, and BACnet, accounting for legacy systems and deterministic traffic flows.
• Own medium‑to‑high‑complexity firewall and NAC initiatives from design through operational handover, including structured documentation and runbooks.
• Design and implement Network Security Policy Management (NSPM) solutions to support rule lifecycle governance, risk analysis, attestation, and compliance validation.
• Drive policy lifecycle management across firewalls and NAC, including rule review, optimization, consolidation, and risk reduction.
• Conduct and influence network security design reviews in collaboration with Info Sec, Tech Ops, and site IT/OT stakeholders.
• Ensure all solutions are secure‑by‑design and compliant with IT Security, Privacy, Quality, and regulatory standards (including GxP where applicable).
• Continuously assess and improve the overall network security posture through threat‑informed adjustments and evaluate the capability of emerging capabilities.
• Provide senior‑level technical leadership, mentorship, and cross‑functional security consultancy.

• 5+ years of network security engineering experience, including hands‑on design and administration of Palo Alto Networks next‑generation firewalls.
• Experience with Palo Alto Panorama, logging infrastructure, Global Protect VPN, licensing, and related cloud‑delivered security services.
• Proven experience designing and implementing segmentation strategies in enterprise and manufacturing/OT‑heavy environments.
• Experience in engineering or administering a Network Access Control platform (e.g., Forescout Counter
  
  ACT), including visibility, classification, and enforcement workflows.
• Experience designing and implementing an NSPM solution for firewall rule governance, compliance validation, and lifecycle management.
• Understanding of industrial control system (ICS) environments and common OT protocols (Modbus, Ether Net/IP, PROFINET, OPC/UA, DNP3, BACnet).
• Experience maturing network security controls, procedures, and policy governance processes.
• Working knowledge of routing and switching fundamentals to support firewall integration (e.g., OSPF, Cisco switching).
• Understanding of Zero Trust principles, micro‑segmentation, application identity, and distributed enforcement models.
• Demonstrated ability to analyze large firewall rule sets and identify optimization, consolidation, and risk reduction opportunities.
• Strong written and verbal communication skills with experience producing high‑ and low‑level designs, diagrams, and operational documentation.

• Experience deploying and integrating Palo Alto VM‑Series…