ICS Network Architect

Job DescriptionJob Description

Design and Architecture:

Design and Implementation: Develop and implement network architectures for ICS environments, including local area networks (LANs), wide area networks (WANs), and industrial Ethernet networks.

Security Management: Implement robust security measures, including firewalls, VPNs, and intrusion detection systems, to protect ICS networks from cyber threats.

Network Monitoring: Monitor network performance and conduct regular assessments to identify and resolve potential issues.

Documentation: Maintain detailed documentation of network configurations, designs, and security protocols.

Collaboration: Work closely with IT and OT (Operational Technology) teams to ensure seamless integration and operation network systems.

Vendor Coordination: Coordinate with vendors to procure necessary networking equipment and software.

Upgrades and Maintenance: Plan and execute network upgrades and maintenance activities to ensure optimal performance and security.

Compliance: Ensure network designs and operations comply with industry standards and regulatory requirements.

Experience

1. Minimum of 5 years of experience in network architecture, with a focus on industrial control systems.

2. Knowledge of network protocols, including TCP/IP, DNS, DHCP, and routing protocols (e.g., OSPF, BGP).

3. Experience in designing and implementing network security solutions in critical infrastructure, especially in the electrical or energy sectors.

4. Strong understanding of industrial control system protocols (e.g., Modbus, DNP3, IEC 61850) and network segmentation strategies.

5. ICS/Substation experience. Be able to understand the terminology and experience in working at a control house at a substation for example.

Certification

1. Relevant certifications such as CISSP, CCNA, or CCNP are .

Technical Skills:

1. Understanding of compliance standards (e.g., PCI DSS, NERC CIP, ISO 27001). Familiarity with industry standards such as IEC 62443, NIST SP 800-82, and ISO/IEC 27001.

2. Knowledge of network segmentation, DMZ architecture, and zero-trust security models.

o Ability to analyze and troubleshoot complex security issues in ICS and OT environments.

Personal Attributes

Strong problem-solving skills and ability to work in a fast-paced, collaborative environment.

Excellent communication skills, both written and verbal, to effectively interact with technical teams and stakeholders.

Ability to manage multiple projects simultaneously and prioritize effectively.

Top Priorities

1. Document and refine network topologies, identifying communication paths between Data Center and Substations, Intelligent Electronic Devices (IEDs), protective relays, Remote Terminal Units (RTUs), and SCADA masters. Suggest improvements or upgrades for reliable and redundant communication.

2. Setting up IP addressing, VLANs, firewall rules, and secure remote-access solutions that align with corporate and regulatory cybersecurity requirements. Verify communications on protocols such as DNP3, Modbus, Goose or IEC 61850.

3. Responsibility includes managing the transition from serial to IP by installing, configuring, and testing serial-to-IP converters for legacy substation equipment-minimizing downtime and ensuring reliable communications.

4. Troubleshoot communication errors in real-time, and work closely with SCADA engineers to validate data flow from field devices up to the central monitoring/control systems.

5. Possesses knowledge of Compliance (prefer NERC CIP Standards), including the creation and maintenance of supporting documentation and the implementation of best practices for network segmentation, access control, and patch management, while collaborating with security teams to ensure full compliance with regulatory requirements.

6. Develop and maintain up-to-date network diagrams, device configuration records, and standard operating procedures. Provide input on engineering workflows to streamline substation upgrade or expansion projects.

WORKING CONDITIONS

This position is onsite with 4 days in the office and 1 days remote. May need to travel to different sites within the Tampa Electric Territory.

PHYSICAL DEMANDS/ REQUIREMENTS

Ability to lift 50-75 pounds

Ability to stand for long periods of time

Ability to work in a fast-paced environment

Occasional travel to remote sites may be required