×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer Network Security

Senior​/Principal SWE - OT Security Engineering

Job in New York, New York County, New York, 10261, USA
Listing for: AppGate Cybersecurity, Inc.
Full Time position
Listed on 2026-05-15
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, Network Security
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly USD 100000.00 125000.00 YEAR
Job Description & How to Apply Below
Position: Senior/Staff/Principal SWE - OT Security Engineering
Location: New York

About App Gate

App Gate secures and protects an organization's most valuable assets with its high performance Zero Trust Network Access (ZTNA) solution. App Gate is the only direct‑routed ZTNA solution built for peak performance, superior protection and seamless interoperability. App Gate safeguards Fortune 500 enterprises worldwide. Learn more at

About the Role

We’re looking for an OT Security Engineer (Senior / Staff / Principal) who will design, build, and evolve the secure remote access capabilities at the heart of App Gate’s OT platform.

You’ll work directly with the CTO and OT Technical Product Manager to take secure remote access for OT from concept to production deployment in real industrial environments – electric utilities navigating NERC CIP requirements, manufacturers managing third‑party vendor access, and defense programs requiring CMMC‑compliant remote access controls.

We are open to candidates at the Senior level (hands‑on engineer with deep OT remote‑access experience) and Staff / Principal level (hands‑on technical leader who can own architecture and mentor as the team scales to 5–7 engineers).

Key Responsibilities

Your engineering work will directly enable next‑generation OT capabilities, including:

  • Secure Remote Access Platform: Identity‑bound, MFA‑protected access anchored at the OT DMZ / Purdue Level 3, with session brokering, just‑in‑time privilege, and policy enforcement designed for industrial environments.
  • Protocol‑Aware Policy Authoring: A Protocol Registry that maps OT protocol names (Modbus TCP, DNP3, IEC 61850, OPC‑UA, Ether Net/IP) to port and transport defaults, making policy authoring OT‑aware without changing the underlying enforcement model.
  • Evidence and Audit Baseline: Structured access logs capturing user identity, target, session start/end, and outcome – forwardable to Splunk, Kinesis, Datadog, etc. supporting NERC CIP, IEC 62443, NIST SP 800‑82, and CMMC audit requirements.
  • Session Governance: Enforced session recording, keystroke logging, step‑up authentication, and dual‑authorization approval workflows for regulated and defense environments.
  • Asset Context Ingestion (Phase 2+): API‑based integration with OT visibility platforms (Dragos, Nozomi, Claroty) normalized into policy‑ready attributes, without blocking access in the critical path.
  • Design and implement backend services across App Gate’s distributed architecture – Controller, Gateway, and Connector components – with a focus on OT‑safe deployment patterns.
  • Build and maintain REST and gRPC APIs supporting policy evaluation, access control, protocol registry management, and OT‑specific system integrations.
  • Apply Zero Trust principles to remote access for industrial assets, accounting for the safety, uptime, and determinism constraints of OT environments.
  • Integrate with industrial protocols and OT asset types – PLCs, RTUs, HMIs, historians – running Modbus, DNP3, OPC‑UA, Profinet, and Ether Net/IP.
  • Own features end‑to‑end
    , from architecture through production deployment in real customer environments.
  • (Staff / Principal) Define technical direction, lead architecture reviews, and support hiring as the OT engineering function scales.
Required Qualifications
  • Experience: Hands‑on background building or operating secure remote access systems – VPN, ZTNA, jump servers, privileged access, session brokers, or equivalent.
  • OT Domain Knowledge: Direct experience in or with OT / ICS environments – manufacturing, energy, utilities, oil and gas, water, transportation, or defense.
  • Technical Fundamentals:
  • Strong systems programming in Go, Rust, or a comparable language.
  • Solid networking (TCP/IP, TLS, firewalls) and identity (SAML, OIDC, PKI) fundamentals.
  • Familiarity with the Purdue Model and IT/OT DMZ design patterns.
  • Working knowledge of OT protocols:
    Modbus, DNP3, OPC‑UA, Ether Net/IP.
  • Mindset: High ownership, end‑to‑end accountability, comfortable in a small team where you solve problems before they become fires.
Preferred Qualifications
  • Experience with OT/SRA/PAM platforms:
    Claroty, Dragos, Nozomi, Xona, Cyolo, Dispel, SSH PrivX OT, Cyber Ark, or Beyond Trust.
  • Exposure to IEC 62443, NIST SP 800‑82, NERC CIP‑005/007, or CMMC.
  • Background…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search